Systems and methods for dynamically assessing and mitigating risk of an insured entity

ABSTRACT

Embodiments of the present invention delineate systems and methods for dynamically assessing and mitigating risk of an insured entity. Additional embodiments of the present invention delineate systems and methods for providing a user of a mobile device with information relevant to a position of a mobile device, wherein such information may describe one of a risk and an opportunity within a predetermined distance of a location for the mobile device.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a divisional application of and claims priority to U.S. Utility patent application Ser. No. 13/189,367, filed Jul. 22, 2011 (now scheduled to issue as U.S. Pat. No. 9,838,877 on Dec. 5, 2017) titled, “Systems And Methods For Dynamically Assessing And Mitigating Risk Of An Insured Entity,” which application is a continuation-in-part of and claims priority to U.S. Utility patent application Ser. No. 12/060,865, filed Apr. 2, 2008, now issued as U.S. Pat. No. 8,248,237 and titled, “System For Mitigating the Unauthorized Use Of A Device,” the disclosures of which are fully incorporated by reference herein for all purposes.

NOTICE OF INCLUDED COPYRIGHTED MATERIAL

A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. All trademarks and service marks identified herein are owned by the applicant.

DESCRIPTION OF THE INVENTION

Field of the Invention

The present invention relates to systems and methods for assessing and mitigating risk, and more particularly, to systems and methods for dynamically assessing and mitigating risk of an insured entity. Additional aspects of the present invention relate to systems and methods for providing a user of a device with information relevant to a position of the device.

Background of the Invention

Today, the use of electronic devices is widespread. Such devices can increase a user's productivity and quality of life, but they are susceptible to loss, theft, or unauthorized use. Examples of such devices are cellular phones, portable digital assistants (PDAs), digital cameras, and laptop computers. These devices often carry private, confidential and/or difficult-to-replace data, and the loss of such data further compounds the loss of the electronic device since, while an electronic device that has been lost or stolen can be physically replaced, oftentimes the data stored on such a device is confidential and/or irreplaceable.

Additionally, the authorized user (which may or may not be the owner) of a lost or stolen device may have to deal with ramifications, such as the misuse of information if an unauthorized user (as used herein, “unauthorized user” means anyone other than the authorized user or someone authorized by the authorized user to use the device) gains access to information stored on the device. Further, it is not uncommon for hours or even days to elapse before the owner or authorized user of such a device discovers the loss, and during that time, an unauthorized user may be accessing sensitive data, misappropriating information, or running up charges for goods or services on the authorized user's accounts.

A related problem plaguing this industry is fraud. An industry has grown around the filing of fraudulent claims for allegedly lost or stolen mobile devices. Countless dollars are lost each year as a result of fraudulent claims. The current systems and methods employed to check the veracity of such claims are not particularly sophisticated or successful in detecting and deterring fraud. Therefore, there is a need for more sophisticated systems and methods that overcome these and other problems associated with the prior art. Moreover, there is a more general need to integrate and employ certain functionalities of mobile devices with aspects of the insurance industry, as well as other potential industries.

SUMMARY OF THE INVENTION

Both the foregoing summary and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.

An embodiment of the present invention discloses a method, comprising receiving an insurance claim regarding a mobile device; and evaluating the merits of the claim based on information obtained from a provided database, the database configured to store and permit access to tracking and loss information about the mobile device.

Another embodiment of the present invention discloses a method, comprising analyzing a location of an insured mobile device associated with an entity; determining a risk level associated with the location of the insured mobile device; and generating an insurance risk profile for the entity based on the location and risk level.

Yet another embodiment of the present invention discloses a method, comprising determining a location of a mobile device associated with an entity; and providing a service to the entity, the service being directed to provide a user of the mobile device information describing one or more of a risk and an opportunity within a predetermined distance of a current location of the mobile device.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the present invention may be derived by referring to the detailed description and claims when considered in connection with the following illustrative figures.

FIG. 1 is a flow diagram depicting an exemplary process of the present invention.

FIG. 2 is a flow diagram depicting an exemplary process of the present invention with respect to a device on which telephone calls can be made.

FIG. 3 is a flow diagram depicting substeps of step 120 according to an exemplary method of the invention.

FIG. 4 is a flow diagram depicting substeps of step 120 according to an exemplary method of the invention.

FIG. 5 is a flow diagram depicting substeps of step 120 according to an exemplary method of the invention.

FIG. 6 is a diagram showing various functionalities of the invention, one or more of which may be included in step 140.

FIG. 7 is a diagram depicting various functionalities of the invention, one or more of which may be included in step 680.

FIG. 8 is a block diagram depicting an exemplary system according to various aspects of the present invention.

FIGS. 9-16 depict exemplary notification measures that can be provided on a mobile computing device such as a laptop computer in accordance with the present invention.

FIGS. 17-25 depict exemplary notification messages that may be displayed on a cellular phone, a PDA, or handheld mobile device.

FIGS. 26-37 depict exemplary screens and processes associated with a host server as exemplified by embodiments of the present invention.

FIGS. 38-58 illustrate installation and registration of a software application downloaded onto a mobile device.

FIGS. 59-64 illustrate embodiments of the present invention showing a process for uninstalling the application from a mobile device.

FIGS. 65A-65C are flow diagrams depicting exemplary processes of the present invention.

FIG. 66 is a flow diagram depicting another exemplary process of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

As used herein, the term “mobile device,” “mobile electronic device,” or “device” generally refers to any electronic device capable of being lost or stolen. A mobile device may be a stand-alone device such as a laptop computer, a desktop computer, a mobile subscriber communication device, a mobile phone, a personal digital assistant (PDA), a data tablet, a digital camera, a video camera, a video game console, a media player, a global positioning system (GPS), Universal Serial Bus (USB) keys, mobile weapons, and combinations thereof. A mobile electronic device may also be any electronic device integrated with another system or device. For example, a stereo, global positioning system, or other electronic device contained within a vehicle may be monitored and protected in accordance with the present invention. Software to implement methods of the present invention can be (1) installed on, or (2) downloaded onto a mobile device indirectly or directly at any time by an authorized user through the Internet, SMS text message, or in any other suitable manner and at any suitable time for carrying out a method according to the invention. For example, the software may be installed on the device when purchased or downloaded after the device is purchased, or even after the device is lost or stolen. The mobile device may be insured against loss or theft, and systems and methods of the present invention may operate as part of, or in addition to, an insurance policy on the mobile device.

An authorized user of a mobile device may qualify for a lower insurance premium if the insured mobile device is protected by a lockout or recovery service as provided by embodiments of the present invention. In another embodiment, an insurance company may mandate recovery or lockout services be provided with an insured device where a claim against the policy may result in replacement for lost or stolen mobile devices. Therefore, embodiments of the present invention assist with preventing insurance fraud. For example, if a parent buys a new phone and insures the phone against loss or theft, the parent may desire to give the insured phone to one of his/her children and file an insurance claim to replace the donated phone, claiming it as a lost or stolen device, thus avoiding the cost of purchasing a new phone. The present invention may be used to prevent such a fraudulent claim, by, for example, disabling use of the alleged lost or stolen phone, detecting attempted use of the alleged lost or stolen phone, or tracking location or users of the alleged lost or stolen phone.

In one embodiment, a mobile device operating in conjunction with the present invention includes a wireless transceiver to communicate with other systems and devices through a wireless system such as a wireless mobile telephony network, General Packet Radio Service (GPRS) network, wireless Local Area Network (WLAN), Global System for Mobile Communications (GSM) network, Personal Communication Service (PCS) network, Advanced Mobile Phone System (AMPS) network, and/or a satellite communication network. Mobile devices operating in conjunction with the present invention may also communicate with other systems and devices through any other type of connection, such as a wired Internet connection, a wireless Internet connection, a cellular telephone network connection, a wireless LAN connection, a wireless WAN connection, an optical connection, a USB connection, a mobile device synchronization port connection, a power connection, and/or a security cable.

Systems and methods of the present invention may be employed as part of a subscriber-based service to help protect and recover a wide variety of different mobile devices. Authorized users can be linked to multiple mobile devices using a unique identifier for each device. Any suitable identifier may be provided, such as the serial number of the mobile device (or a component thereof), or a numeric, alphabetic, alphanumeric, or other identifier. The identifier can be used to verify the identity of authorized users associated with the device, as well as to monitor the mobile device and provide for its recovery should it be lost or stolen. In one embodiment of the present invention, for example, the identifier and information for associated authorized users may be stored in a storage medium (such as a memory on the mobile device or a central server) for future reference.

Moreover, a system and method according to the invention may have a different response for different inputs or conditions, including the sensing of varying threat levels. For example, a laptop sensing that it is in a prohibited area (such as outside of a building to which it is assigned or in a foreign country) might prevent access with one or more encryption techniques, delete data or corrupt the hard drive to make data retrieval difficult or impossible. The same laptop, upon receiving a signal that it is lost within a building to which it is assigned could simply provide notification describing how to return the laptop.

Any combination and/or subset of the elements of the methods depicted herein may be practiced in any suitable order and in conjunction with any suitable system, device, and/or process. The methods described and depicted herein can be implemented in any suitable manner, such as through software operating on the mobile device and a host server. The software may comprise computer-readable instructions stored in a medium (such as the memory of the mobile device or host server) and can be executed by one or more processors to perform the methods of the present invention.

Turning now to the figures, where the purpose is to describe preferred embodiments of the invention and not to limit same, exemplary methods according to various aspects of the present invention are depicted in FIGS. 1-7.

In method 100 illustrated in FIG. 1, a notification is provided by a mobile device to an authorized user (110) describing how to return the mobile device. As used herein, “unauthorized user” means any person other than the authorized user. The notification can be provided in any number of ways and be triggered by any suitable event. For example, the notification may be a visual display or an audio signal, such as a voice. The notification should provide adequate information to the unauthorized user to enable the unauthorized user to return the device, and could include one or more of a phone number, address or email address. The notice could also offer a reward for return of the device.

The notice could be triggered in any suitable manner. For instance, the authorized user could send a signal to the device to display the notice, or the authorized user could contact a service that would send a signal to the device to activate the notice. The notice could also be displayed automatically, for example, if the wrong password were keyed in a predetermined amount of times or if the device sensed it was in a certain geographical area. Any other suitable self-triggering event could also be utilized.

Another and optional feature of the device is detection of a security compromise event (120) and a determination (130) of whether the function of the device should be altered in response to the security compromise event. If appropriate, the functionality of the device is altered (140) if a security compromise event (including the device being lost or stolen).

Providing Notification Describing How to Return the Mobile Device

In an exemplary process 100 according to the present invention depicted in FIG. 1, an event 105 triggers a notification to be provided 110 by the device describing how to return the device. The notification may be provided in any manner, such as by using a display, microphone, or other user interface feature(s) of the mobile device. The notification may include any symbols, characters, numbers, graphics, sounds (including recorded voice messages and/or music), and/or any other indicia to aid in describing how to return the device (for example a message displayed on a screen).

The notification may include, for example, one or more of a telephone number for a service providing recovery instructions or the telephone number of the authorized user, a turn-in location or address, instructions to activate a feature of the mobile device to initiate a return process, a web address for a service providing recovery instructions, and/or a clickable link to a website comprising recovery instructions. The notification may also include a message that a reward is available for turning in the device to a recovery service. In one embodiment of the present invention, the notification is displayed on the login screen (including the mechanism for returning the device) such that it is the first information seen by a user before the user can access the device. If an authorized user (such as the owner) fears they have lost control of the device they can remotely activate the application on the mobile device and make sure that access is restricted to only showing a notification and details on how to return the device. One benefit of this approach is the preservation of the confidential nature of the information located on the mobile device, essentially protecting sensitive information from unauthorized access. An innocent finder of the mobile device is also able to return the device without having to bypass or break the password on the mobile device to determine the identity of the authorized user.

When the notification is provided a separate signal or message that the mobile device has been lost or stolen. The notification can help an unauthorized user of the mobile device return it to its authorized user, and the notification is likely to increase the probability that the unauthorized user will do so, since he/she is provided with the appropriate instructions or information. Additionally, the conspicuousness of the notification may also deter an unauthorized user who is a thief from stealing the mobile device or attempting to keep, use, or sell the mobile device.

The notification may be provided to any person (such as the unauthorized person currently in possession of the mobile device), as well as other individuals, systems, and devices in communication with the mobile device. In one exemplary embodiment of the present invention, referring to FIG. 2, providing a notification (110) describing how to return a mobile device (such as a mobile phone) may include: determining a phone number (210) dialed by the current unauthorized user of the mobile device, calling the phone number (220), and presenting a message (such as pre-recorded, text or message from a live person) (230). The message may include any desired information, such as a notice that the mobile device has been reported lost or stolen, and/or instructions to assist in initiating return of the mobile device.

Alternate embodiments may include presenting an SMS text message, an email message (e.g., sent to an email address of the current user), a sequence of dual-tone multi-frequency (DTMF) tones, and/or any other message type. This allows the mobile device to alert the unauthorized user in possession of the mobile device that he/she is not authorized to use the device and/or provides instructions on how to return the device. This may expedite the return of the mobile device, as well as deter individuals from stealing or withholding the device from its rightful owner.

The mobile device may include a read-only memory. For purposes of the present application, a read only memory (also known as a “ROM”) includes not only non-modifiable memories such as mask ROMs and one-time programmable PROMs, but also persistent memories that may not be directly or indirectly modified through the user interface of a mobile device. Such persistent memories may include storage devices such as field programmable ROMs, EPROMs, EEPROMs, FLASH memory, magnetic storage devices, optical storage devices, or other storage devices. In various embodiments of the present invention, an application that may reside in a read-only memory of the mobile device detects that a security compromise event has occurred. In selected instances, the application may not be terminated by a current user of the mobile device if the current user is not the authorized user, providing additional security to prohibit unauthorized users from tampering with security protocols.

The mobile device may present an automated message with a variety of content to achieve any desired result to mitigate loss of control. For example, but not by way of limitation, the mobile device when detecting that a security event has occurred, may present an automated message to a current user of the mobile device, wherein the automated message comprises at least one of a notification: that the mobile device has been lost or stolen; that the current user may press any button to initiate contact with a security authority; that the current user of the mobile device should return the device; commanding the current user to return the device; that a reward is offered for the prompt return of the mobile device; and providing instructions for return of the mobile device.

The notification may be provided using some or all of the user interface capabilities of the mobile device. For example, a notification for a laptop computer may include a large message on the screen to draw the attention of observers that it is protected, and/or one or more sounds (including music, pre-recorded speech and alarm) played through the laptop's speaker. Similarly, a cell phone could present a text display and/or emit sounds to instruct the unauthorized user how to return the device or an alarm sound to attract attention to the unauthorized user and make it undesirable to keep the device. The notification may be presented through one or more of any other user interface feature(s) integrated with, or in communication with, the mobile device, such as a printer.

Detecting a Security Compromise Event

In the exemplary method shown in FIG. 1, the mobile device detects that a security compromise event (120) has occurred. As used herein, a “security compromise event” generally refers to any situation where the mobile device (or any physical or functional portion thereof) is (or may be) outside the exclusive control of an authorized user, and a device may be able to detect multiple types of security compromise events, in which case the device may have different responses for different types of security compromise events.

A security compromise event may be actual (e.g., the mobile device has actually been stolen), or perceived (e.g., an authorized user is uncertain as to the status of the mobile device, but believes it may be lost or stolen). A security compromise event may include the loss of control of the mobile device by the authorized user, the theft of the mobile device, a loss of knowledge as to the whereabouts of the mobile device, the intrusion of an electronic threat (e.g., an electronic virus, an electronic worm, and/or an electronic trojan horse), the unauthorized access or attempted unauthorized access to private information in the mobile device, use of the mobile device in a manner not authorized by a wireless service provider, the device sensing it is in an unauthorized location, entering an incorrect password multiple times, or any other event where compromise of the ownership or security of the mobile device is indicated.

A security compromise event may be detected by the mobile device itself, and may also be reported by an authorized user directly to the device or indirectly such as through a security authority or other entity, system or device in communication with the mobile device.

The mobile device may detect a security compromise event in any manner, such as by receiving a message from an authorized user or a security authority (such as a governmental law enforcement organization, private security firm, and/or insurance agency), and in response to the message determining that a breach of security has occurred. The security authority may communicate with the mobile device in any desired manner, such as through software operating on a host server in communication with a database. As an example, an authorized user can report his/her mobile device is missing to the security authority and instruct the security authority to signal the mobile device of a security threat (i.e., the user believes the mobile device has been lost, stolen, or may otherwise be subject to unauthorized access). The functionality of the mobile device can then be altered as a result (140), as discussed further below.

In another embodiment, detecting, by the mobile device, that a security compromise event has occurred further comprises: obtaining, from a security authority, a pre-stored list of phone numbers characterizing allowable use of the mobile device; comparing a current phone number to the pre-stored list of phone numbers; and determining that the current phone number indicates that a call involving the current phone number is not authorized. In various embodiments, determining that the current phone number indicates that a call involving the current phone number is not authorized further comprises one of: determining: that the current phone number is a phone number associated with a call received by the mobile device; and the current phone number is not present within a first subset of the pre-stored list of phone numbers, the first subset comprising phone numbers associated with calls that may be received by the mobile device; or the current phone number is present within a second subset of the pre-stored list of phone numbers, the subset comprising phone numbers associated with calls that may not be received by the mobile device; and determining: that the current phone number is a phone number associated with a call placed by a current user of the mobile device; and the current phone number is not present within a third subset of the pre-stored list of phone numbers, the third subset comprising phone numbers associated with calls that may be placed by the mobile device; or the current phone number is present within a fourth subset of the pre-stored list of phone numbers, the fourth subset comprising phone numbers associated with calls that may not be placed by the mobile device.

In other implementations, determining that the current phone number indicates that a call involving the current phone number is not authorized further comprises determining: that the current phone number is a phone number associated with a call received by the mobile device; and the current phone number is not present within a first subset of the pre-stored list of phone numbers, the first subset comprising phone numbers associated with calls that may be received by the mobile device; or the current phone number is present within a second subset of the pre-stored list of phone numbers, the subset comprising phone numbers associated with calls that may not be received by the mobile device.

Any notifications may be provided upon detecting a security compromise event, and in addition to other embodiments specified herein, a pre-designated contact may be notified that an unauthorized call has been received by the mobile device. Such a pre-designated contact may be identified by the authorized user at any time, such as during a registration process.

In another embodiment, determining that the current phone number indicates that a call involving the current phone number is not authorized further comprises determining: that the current phone number is a phone number associated with a call being placed by a current user of the mobile device; and the current phone number is not present within a third subset of the pre-stored list of phone numbers, the third subset comprising phone numbers associated with calls that may be placed by the mobile device; or the current phone number is present within a fourth subset of the pre-stored list of phone numbers, the fourth subset comprising phone numbers associated with calls that may not be placed by the mobile device. In the event that a security compromise event has been detected, the mobile device may request a PIN number from the current user; and if the PIN number matches a predetermined PIN number, the current user of the mobile device may be allowed to place the call.
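The four-subset check and the PIN override described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the number normalization rule, the treatment of an unconfigured allow-list, and all phone numbers and the PIN are constructed assumptions.

```python
import hmac
import re
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Iterable, Optional


class Direction(Enum):
    RECEIVED = "received"
    PLACED = "placed"


def normalize(number: str) -> str:
    """Reduce a dialled or caller-ID string to digits so that formatting
    differences cannot be used to slip past a list lookup."""
    digits = re.sub(r"\D", "", number)
    # Assumption: a 10-digit number is a national number in country code 1.
    return "1" + digits if len(digits) == 10 else digits


def _numbers(values: Optional[Iterable[str]]) -> Optional[FrozenSet[str]]:
    return None if values is None else frozenset(normalize(v) for v in values)


@dataclass(frozen=True)
class CallPolicy:
    """The pre-stored list, split into the four subsets named in the text.
    Assumption: an allow-list of None means that subset was not provisioned,
    so only the matching deny-list is consulted."""
    may_receive: Optional[FrozenSet[str]]   # first subset
    may_not_receive: FrozenSet[str]         # second subset
    may_place: Optional[FrozenSet[str]]     # third subset
    may_not_place: FrozenSet[str]           # fourth subset

    @classmethod
    def build(cls, may_receive=None, may_not_receive=(),
              may_place=None, may_not_place=()):
        return cls(_numbers(may_receive), _numbers(may_not_receive),
                   _numbers(may_place), _numbers(may_not_place))


def is_unauthorized(policy: CallPolicy, number: str, direction: Direction) -> bool:
    """True when the call should be treated as a security compromise event:
    the number is missing from the allow-list OR present on the deny-list."""
    n = normalize(number)
    if direction is Direction.RECEIVED:
        allow, deny = policy.may_receive, policy.may_not_receive
    else:
        allow, deny = policy.may_place, policy.may_not_place
    return (allow is not None and n not in allow) or n in deny


def may_place_call(policy: CallPolicy, number: str,
                   entered_pin: Optional[str], stored_pin: str) -> bool:
    """Outgoing call gate: authorized numbers go through; otherwise the
    current user must supply the predetermined PIN."""
    if not is_unauthorized(policy, number, Direction.PLACED):
        return True
    if entered_pin is None:
        return False
    # Constant-time comparison; a real device would store a salted hash
    # of the PIN and rate-limit attempts rather than keep the PIN itself.
    return hmac.compare_digest(entered_pin.encode(), stored_pin.encode())


# Constructed sample policy. One number is on both outgoing lists to show
# that the deny-list wins.
POLICY = CallPolicy.build(
    may_not_receive=["+1 555 010 0199"],
    may_place=["+1 (555) 010-0100", "911", "+1 555 010 0142"],
    may_not_place=["555-010-0142"],
)
STORED_PIN = "4821"
```

Because the two conditions are joined by "or", a number that appears on both the allow-list and the deny-list is treated as unauthorized, which is the fail-closed reading of the text.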

The mobile device may authenticate the validity of a message from a security authority, such as by computing a digest of the message and comparing the digest value to a previously stored authorization digest value. The computed digest value may be produced by providing the received message to a hashing algorithm such as the MD5 or SHA-1 Secure Hashing Algorithm as specified in National Institute of Standards and Technology Federal Information Processing Standard Publication Number 180-1, the disclosure of which is incorporated by reference herein in its entirety. The authorization digest value can be any number, code, value, or identifier that allows a received message to be identified as a valid transmission from a security authority. The stored authorization digest value can be provided to the mobile device upon activation of a loss/theft recovery service, as well as in any other desired manner. Unless the authorization digest value matches the stored digest value, the message will not be authenticated and can be disregarded (if desired). A mobile device acting on a message from a security authority need not necessarily be predicated upon successful authentication of the message, however. The mobile device may authenticate the validity of the message in any other desired manner.
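The digest comparison described above, next to a keyed variant, as an added example that is not code from the patent. SHA-256 is swapped in for MD5/SHA-1, and the keyed variant (HMAC with a per-device key, the device identifier and a message counter) is a technique the text does not describe; the frame layout, names, key and identifier are constructed assumptions.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32      # HMAC-SHA-256 output size
COUNTER_LEN = 8   # big-endian message counter


def digest_check(message: bytes, stored_authorization_digest: bytes) -> bool:
    """Scheme as described: hash the received message and compare the result
    with the digest stored at activation. The message acts as a fixed bearer
    token, so the same bytes are accepted every time they arrive."""
    computed = hashlib.sha256(message).digest()
    return hmac.compare_digest(computed, stored_authorization_digest)


def _mac(key: bytes, device_id: bytes, body: bytes) -> bytes:
    # Length-prefix the device identifier so the MAC input is unambiguous.
    prefix = len(device_id).to_bytes(2, "big") + device_id
    return hmac.new(key, prefix + body, hashlib.sha256).digest()


def seal(key: bytes, device_id: bytes, counter: int, command: bytes) -> bytes:
    """Security-authority side: frame = counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    return body + _mac(key, device_id, body)


class CommandVerifier:
    """Device side: accepts a command only if the tag verifies under the
    device's key and identifier and the counter is newer than any seen."""

    def __init__(self, key: bytes, device_id: bytes):
        self._key = key
        self._device_id = device_id
        self._last_counter = 0

    def verify(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self._key, self._device_id, body)):
            return None                      # forged, altered or wrong device
        (counter,) = struct.unpack(">Q", body[:COUNTER_LEN])
        if counter <= self._last_counter:
            return None                      # replay of an earlier frame
        self._last_counter = counter         # state changes only after the MAC check
        return body[COUNTER_LEN:]


# Constructed sample values.
KEY = bytes(range(32))
DEVICE_ID = b"SN-CONSTRUCTED-0001"
STORED_DIGEST = hashlib.sha256(b"LOCKDOWN").digest()
```

The plain digest check can only recognise the one message agreed at activation and cannot tell a fresh transmission from a recorded one; the keyed variant lets the command vary while rejecting altered, replayed or misdirected frames.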

The mobile device may also authenticate the validity of a message from a security authority or other source by decrypting at least part of the message with a public key associated with the sender of the message as part of an asymmetric encryption algorithm. Asymmetric encryption algorithms and techniques are well known in the art. See, for example, RSA & Public Key Cryptography, by Richard A. Mollin, CRC Press, 2002, and U.S. Pat. No. 4,405,829, issued Sep. 20, 1983, the disclosures of which are fully incorporated by reference herein. In an illustrative example, if two parties (for example, “Alice” and “Bob”) wish to communicate securely using public key cryptography, each party begins by generating a unique key pair, where one of the keys is a private key that is kept in confidence by that party, and the other key is a public key that may be publicly distributed, published only to a message recipient, or made available through a public key infrastructure. The key generation step need be done by a party only once, provided that the party's private key does not become compromised or known by another party. If Alice wants to send a message confidentially to Bob, she may use Bob's public key to encrypt the message, and once sent, only Bob can decrypt and view the message using Bob's private key. But if Alice also wanted Bob to have assurance that the message was in fact coming from her, she could further encrypt the message with her private key before sending, then when Bob's private key and Alice's public key are used to decrypt the message, Bob knows for certain that he was the intended recipient and that Alice was the one who originated the message, and Alice knows that only Bob will be able to decrypt and read her message.

Such a scheme may be utilized with embodiments of the present invention. In an embodiment, full two-way public encryption is used to authenticate that the sender is in fact the security authority (for example) and that the recipient of the message indicating a security compromise event has occurred is in fact the intended recipient. Alternatively, messages may be encrypted with only the private keys of the sending entity, and decrypted with the public keys to expedite processing time. Such encryption schemes assist with validation of security compromise event communications, both in providing validation of the source and destination of messages, as well as providing a means to securely transmit commands to a compromised mobile device.

In an alternate embodiment, encrypted or unencrypted data can be transmitted to and from the mobile device through an encrypted transmission protocol, such as the wireless encryption protocols (WEP, WPA and WPA2) associated with the IEEE 802.11 wireless protocols. Any number of other encryption methods can be used to encrypt data communicated to and from the mobile device in conjunction with the present invention.

A mobile device operating in conjunction with the present invention may receive information that a security compromise event has occurred from a security authority or other source using any number of messages in any format. For example, embodiments of the present invention may receive information in an SMS text message, a voice mail message, an email message, and/or a predetermined sequence of one or more DTMF tones. The message can be of any desired format. For example, the message can be included in a file having a tokenized format such as standard ASCII text format, or any other suitable standardized file format, such as an MS Word document, MS Excel file, Adobe PDF file, or binary picture file (JPEG, bitmap, etc.). The data within such a file can be ordered in any manner and have any suitable delimiters, notations, or other features. The message may also have a unique and/or proprietary format.

In one embodiment, the message indicating a security compromise event occurred may be encoded in files such as binary picture files via steganographic techniques, so that any person viewing the file or picture may see an acceptable image while a hidden message is encoded in the data in the file and may be accessed by appropriate software techniques. For example, by sending a graphic image in a file that is named in a manner to solicit a user to open the message/file (for example, “HotJessica.JPG”), then the current user of the mobile device may open the file which then triggers software on the mobile device to scan the image file, thereby extracting and decoding the steganographically encoded data from the image file. The mobile device may then interpret the decoded data, and if a lockdown event is indicated, the device may take predetermined actions to partially or completely disable use of the device in any of the manners described herein. The software on the mobile device may execute surreptitiously, whereby the application may execute forensic evidence gathering features such as taking a picture of the current user's face while the user is looking at the image file just opened while the current user is unaware that he/she is being photographed or otherwise logged. Other commands may be sent via encoded or concealed messages, such as commands resetting the password of the device to an alternate or more secure password.

The format of the message can also be based on the method by which the message is transmitted to the mobile device. For example, where the message is transmitted to the mobile device using a wireless telephone connection, the message can be formatted as an SMS text message. Similarly, the message may be formatted as an XML record, email, and/or facsimile. The message can include multiple formats and/or multiple messages, and may be formatted having different formats for transmission in a variety of methods or to a variety of different mobile devices. A message received from a security authority, host server, authorized user, or other source may also include other information, such as instructions for altering the functionality of the mobile device as discussed further below.

In one embodiment of the present invention, a mobile device may be configured to assume a low-power, quiescent, or standby state, whereby the device may receive notifications from an authorized user or server such as a server administered by a security authority. Upon receiving such notification, the mobile device may take action at an appropriate time, based on contents of the notification. The mobile device may transition from a standby state to poll a server to determine whether a notification is waiting, and if so, downloads and acts upon the contents of the notification. Additionally or alternatively, the mobile device has a buffering provision that is capable of receiving notifications transmitted by a server or security authority, and acting upon the contents of the message at an appropriate time, such as when the message is received or at a predetermined time interval.

A mobile device may also detect a security compromise event by determining that the mobile device has been disassociated with a designated companion device. The mobile device may be associated with any desired type of device(s). For example, a mobile telephone may be a companion device to another mobile telephone. The two mobile telephones may be associated through a wireless connection (such as a Bluetooth connection), and the loss of the wireless connection may be used to trigger a security compromise event. Similarly, a security compromise event can be triggered when a mobile device is separated from a plurality of companion devices.

The mobile device may determine that it has been disassociated with the companion device in any desired manner, such as by measuring a power level of a wireless signal transmitted by the companion device, and determining that the measured power level has decreased below a predetermined threshold level. Additionally, the mobile device can determine it has been disassociated with the companion device by transmitting a message to the companion device and determining that a message was not received from the companion device that satisfies a predetermined confirmation criterion (e.g., an expected acknowledgement transmission). Additionally, the mobile device can determine it has been disassociated with the companion device where it is unable to establish a communications link with the companion device, or where the companion device sends a signal to the mobile device indicating that access to the mobile device should be restricted. The mobile device may determine it has been disassociated with the companion device when an amount of incident light illuminating at least one surface of the mobile device has varied from a predetermined threshold range. For example, if the mobile device is removed from a companion device such as a purse, carrying case, holster or briefcase, the increase in ambient light on at least one surface of the mobile device could be detected by an included sensor, indicating the device has been removed from a desired location. Similar approaches may include activating a security event check when a case enclosing the mobile device is opened or if a light sensor in a mating surface between the mobile device and its companion device suddenly detects light when the two devices are disconnected or undocked.

The mobile device may be associated with a companion device in any desired manner, such as by pairing the mobile device with the companion device via a wired link and/or a wireless link. Any desired wireless link and communications protocol may be used to pair a mobile device with a companion device. For example, a wireless link may include an ISO 14443 protocol, an ISO 18000-6 protocol, a Bluetooth protocol, a Zigbee protocol, a Wibree protocol, an IEEE 802.15 protocol, an IEEE 802.11 protocol, an IEEE 802.16 protocol, an ultra-wideband (UWB) protocol, an IrDA protocol, and combinations thereof. Likewise, a wired link may be implemented to pair a mobile device with a companion device, such as by using a computer network connection, a USB connection, a mobile device synchronization port connection, a power connection, and/or a security cable.

A security compromise event may be associated with a change in the hardware of the mobile device. For example, a security compromise event may be determined when an identifier of a hardware identity module (such as a universal subscriber identity module and/or a removable user identity module) in communication with the mobile device does not match one or more predetermined authorized identifiers. Any desired identifier may be used in conjunction with the present invention, such as an electronic serial number, a local area identity identifier, an integrated circuit identifier, an international mobile subscriber identifier, an authentication key identifier, and/or an operator-specific emergency number identifier.

The hardware identity module identifier may be transmitted to a host server, stored in a storage medium (such as the memory of the mobile device or host server), or processed in any other desired manner. For example, the identifiers associated with hardware of a mobile device (e.g., hard drive, SIM card, or other hardware) can be used to determine whether an unauthorized user is attempting to circumvent software or hardware security protocols protecting the mobile device. The hardware identity module identifier (as well as any other data used in conjunction with the present invention) may be stored in any suitable manner, such as by using a memory storage device integrated with, or in communication with, the mobile device. The hardware identity module may also be encrypted, hidden, or protected in any other desired manner.

A security compromise event can be based on a change in a single hardware component of a mobile device, as well as on an overall hardware configuration of the mobile device. For example, the hardware configuration for a mobile device such as a laptop computer may include the identities of a particular hard drive, battery, RAM, BIOS, and other components of the laptop. The hardware configuration for the laptop can be stored (e.g., by a central server and/or the mobile device) and then compared against the current hardware configuration for the laptop (e.g., periodically and/or upon the occurrence of an event, such as a change in a hardware component). If the current hardware configuration has changed from the stored configuration beyond a predetermined threshold (e.g., more than two individual components are different), a security compromise event can be triggered. This allows a security compromise event to be issued where a thief may be swapping out components of a stolen mobile device in an attempt to circumvent security measures associated with (or stored on) the swapped components. Changes in the hardware configuration of a mobile device (such as changes in a SIM card in communication with the mobile device) can be tracked over time and reported to a security authority or authorized user to help locate the mobile device. Swapping or exchanging a SIM card may trigger a security compromise event.
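The stored-versus-current comparison described above can be sketched as follows. This is an added example, not code from the patent; the component names, identifier values, and the rule that a missing SIM counts as a mismatch are assumptions, and all sample data is constructed.

```python
"""Hardware-configuration drift check (added example; all sample data is constructed)."""
from dataclasses import dataclass

# Page's example threshold: "more than two individual components are different".
DRIFT_THRESHOLD = 2

# Constructed baseline as it might be stored by a central server or the device.
BASELINE = {
    "hard_drive": "HD-CONSTRUCTED-0001",
    "battery": "BAT-CONSTRUCTED-0001",
    "ram": "RAM-CONSTRUCTED-0001",
    "bios": "BIOS-CONSTRUCTED-0001",
}
# Constructed list of authorized subscriber identifiers (test-network style value).
AUTHORIZED_SIMS = {"001010123456789"}


@dataclass(frozen=True)
class DriftReport:
    changed: tuple      # components present in both, identifier differs
    missing: tuple      # components in the baseline that are no longer reported
    added: tuple        # components reported now that the baseline never had
    sim_authorized: bool
    compromise: bool


def normalize(identifier):
    """Strip whitespace and case so cosmetic differences do not count as a swap."""
    return "".join(str(identifier).split()).upper()


def compare_configuration(baseline, current, authorized_sims,
                          threshold=DRIFT_THRESHOLD, sim_key="sim"):
    """Compare the current hardware inventory with the stored one.

    A compromise is flagged when the SIM identifier is not on the authorized
    list (assumption: an absent SIM is treated as a mismatch) or when more
    than `threshold` components differ from the baseline.
    """
    base = {k: normalize(v) for k, v in baseline.items() if k != sim_key}
    cur = {k: normalize(v) for k, v in current.items() if k != sim_key}

    changed = tuple(sorted(k for k in base.keys() & cur.keys() if base[k] != cur[k]))
    missing = tuple(sorted(base.keys() - cur.keys()))
    added = tuple(sorted(cur.keys() - base.keys()))

    allowed = {normalize(s) for s in authorized_sims}
    sim = current.get(sim_key)
    sim_authorized = sim is not None and normalize(sim) in allowed

    differing = len(changed) + len(missing) + len(added)
    compromise = (not sim_authorized) or differing > threshold
    return DriftReport(changed, missing, added, sim_authorized, compromise)


if __name__ == "__main__":
    # Constructed inventory: three components swapped, authorized SIM still present.
    stripped = dict(BASELINE, sim="001010123456789",
                    hard_drive="HD-OTHER", battery="BAT-OTHER", ram="RAM-OTHER")
    print(compare_configuration(BASELINE, stripped, AUTHORIZED_SIMS))
```

Counting missing and newly added components as differences keeps a removed drive from going unnoticed simply because it no longer reports an identifier.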

A security compromise event may be determined based on the use of the mobile device and/or the behavior of the current user. For example, referring to FIG. 3, determining a security compromise event (120) may include accumulating a usage profile of the mobile device over a predetermined time period (310), accumulating information regarding continued usage of the mobile device (320), and determining that the continued usage deviates from the usage profile by a predetermined threshold (330).

The usage profile and the accumulated information may include any desired information about how the mobile device is used, such as a ratio of the number of calls placed from numbers residing within a contact list stored in the mobile device to numbers not residing within the contact list, the time of day that one or more calls were placed by the mobile device, a mean time interval between button presses, a pressed button type, a mean pressure exerted when pressing buttons, a number of times within a predetermined time interval that a password was input incorrectly, a number of consecutive times that a password was input incorrectly, and combinations thereof. The usage profile of an authorized user can then be compared to the accumulated information in order to determine whether or not the authorized user is still in control of the device. The mobile device may take any desired action to verify the current user is authorized to use the mobile device, such as prompting the current user to enter a password, and preventing further use of the device until the password is correctly entered.

The usage profile can be compiled over any desired time period(s). The time period may include a fixed period of time, or may be dynamically determined (e.g., shifting in time as the mobile device is utilized). The predetermined time period can be specified by an authorized user of the mobile device, as well as determined by the mobile device itself. The predetermined time period can be based on any desired criteria, such as the manner in which the device is used and/or on the amount of information needed to compile the usage profile. Likewise, the period of time in which information about the continued usage of the mobile device can be accumulated may be specified in the same manner as that of the usage profile.

The accumulated continued usage information and the usage profile may be compared to determine the degree to which the continued usage deviates from the usage profile. A predetermined threshold may be selected according to any desired criteria to determine whether the continued usage is indicative of unauthorized use. For example, if the continued usage includes a significant number of calls outside the time range calls are usually made in the usage profile, the continued usage may be indicative of unauthorized use. Similarly, the time interval between button presses (i.e., the speed the current user is using the mobile device), the types of buttons pressed, the pressure exerted when pressing the buttons, the number of times (including consecutive times) a password is input incorrectly, and other events may be indicative (alone or in combination) of unauthorized use.

A combination of events may be weighted such that the occurrence of a security compromise event is based on a predetermined voting threshold. Individual events may be given more significance than other events, such that only a repeated occurrence of a particular event deviates from the predetermined threshold, while a single occurrence of another event deviates from the threshold. For example, a call outside the usage profile's normal time range may need to occur a total of four times before the predetermined threshold is exceeded, while the entering of an incorrect password two times in succession deviates from the threshold. Similarly, an incorrect password entry in combination with two calls outside the normal time range in the usage profile can deviate from the predetermined threshold. Events may be weighted or scored for the predetermined voting threshold in any desired manner.
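One way to realize the usage profile and the weighted voting threshold, as an added example that is not code from the patent. The weights (1 per off-hours call, 2 per incorrect password), the threshold of 4, the 24-hour window and the 5% rarity cut-off are assumptions chosen so that all three combinations named above reach the threshold; the profile data is constructed.

```python
"""Usage-profile deviation with a weighted voting threshold (added example)."""
from collections import Counter, deque

# Assumed scoring: 4 off-hours calls, 2 consecutive bad passwords, or
# 1 bad password + 2 off-hours calls each sum to the threshold.
WEIGHTS = {"off_hours_call": 1, "bad_password": 2}
VOTING_THRESHOLD = 4
WINDOW_SECONDS = 24 * 3600   # assumed period over which continued usage is accumulated
MIN_HOUR_SHARE = 0.05        # assumed: hours holding <5% of profile calls are unusual


def build_call_profile(call_hours):
    """Usage profile: fraction of the authorized user's calls placed in each hour."""
    counts = Counter(h % 24 for h in call_hours)
    total = sum(counts.values())
    return {h: n / total for h, n in counts.items()} if total else {}


def is_off_hours(hour, profile, min_share=MIN_HOUR_SHARE):
    """True when the hour is rare or absent in the accumulated profile."""
    return profile.get(hour % 24, 0.0) < min_share


class CompromiseVoter:
    """Accumulates weighted votes; events must be fed in timestamp order."""

    def __init__(self, profile, weights=None,
                 threshold=VOTING_THRESHOLD, window=WINDOW_SECONDS):
        self.profile = profile
        self.weights = dict(weights or WEIGHTS)
        self.threshold = threshold
        self.window = window
        self.votes = deque()  # (timestamp, kind, weight)

    def score(self, now):
        # Votes older than the accumulation window no longer count.
        while self.votes and now - self.votes[0][0] > self.window:
            self.votes.popleft()
        return sum(weight for _, _, weight in self.votes)

    def _vote(self, ts, kind):
        self.votes.append((ts, kind, self.weights[kind]))
        return self.score(ts) >= self.threshold

    def call_placed(self, ts, hour):
        """Returns True when the voting threshold has been reached."""
        if is_off_hours(hour, self.profile):
            return self._vote(ts, "off_hours_call")
        return self.score(ts) >= self.threshold

    def password_attempt(self, ts, correct):
        if correct:
            # A correct entry breaks the run of consecutive failures.
            self.votes = deque(v for v in self.votes if v[1] != "bad_password")
            return self.score(ts) >= self.threshold
        return self._vote(ts, "bad_password")


if __name__ == "__main__":
    # Constructed profile: the authorized user calls between 09:00 and 18:00.
    profile = build_call_profile([9, 10, 11, 12, 13, 14, 15, 16, 17, 18] * 3)
    voter = CompromiseVoter(profile)
    print(voter.password_attempt(0, correct=False))   # False: score 2
    print(voter.call_placed(600, hour=3))             # False: score 3
    print(voter.call_placed(1200, hour=2))            # True:  score 4
```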

A security compromise event may be determined based on the failure of a user to provide the proper biometric data. In one embodiment of the present invention, for example, a biometric measurement of a current user of the mobile device is obtained, and the biometric measurement is compared to a previously stored reference value. A security compromise event can then be determined where the biometric measurement exceeds a predetermined threshold variance from the previously stored reference value. The security compromise event may be based on any number of biometric measurements from the current user of a mobile device, such as a fingerprint scan, an iris scan, a retina scan, a voice sample, a breath sample, and/or a photograph of a portion of the body of the current user of the mobile device.

A security compromise event may be determined based on the location of the mobile device. For example, referring now to FIG. 4, determining a security compromise event (120) may include obtaining a physical location of the mobile device (410), analyzing the physical location of the mobile device to determine that the device is located in an unauthorized area (420), and comparing the physical location of the mobile device to a previously stored location list (430).

The physical location of the mobile device may be obtained in any manner. For example, the location of the mobile device may be ascertained using a global positioning system (GPS), through the triangulation of a signal emitted by the mobile device, through an Internet protocol (IP) address and/or traceroute, or in any other manner. A global positioning system may include, for instance, a receiver that detects signals transmitted by transmission sources with known transmission timing and/or known location, and through analyzing the received time-encoded signals at the mobile device. The mobile device may also ascertain its location with respect to the transmission sources. The transmission sources may be terrestrial, mobile, space-based, airborne, or any combination thereof. In one embodiment, the mobile device may ascertain its location on the surface of the earth by receiving and interpreting geolocation signals received from satellites in orbit about the earth. In another embodiment, the global positioning system may include a collection of terrestrial antennas and receivers that receive a signal transmitted from the mobile device, and by analyzing the angle of arrival, time of arrival, and/or time differential of arrival of the mobile device's signal, the location of the mobile device may be ascertained via conventional multilateration approaches. Alternatively, the mobile device may receive one or more signals from known terrestrial transmitting sources such as cellular base station antennae, and through analyzing the received signals, compute its location with respect to the known terrestrial transmitting sources.

The area a mobile device is authorized to operate in may be defined in any manner. For example, the area may be a geographical area defined by a boundary, an area corresponding to a postal code, and/or an area corresponding to a telephone area code. The area may include any number of separate individual areas. An area may be defined based on where the mobile device may operate (i.e. “whitelisting”), as well as on where the mobile device may not operate (i.e. “blacklisting”).

The location of the mobile device may be compared to a list that defines one or more locations where the mobile device is authorized to be operated, one or more locations where the mobile device is not authorized to be operated, one or more locations where functionality of the mobile device is at least partially restricted, and/or combinations thereof. The list may be defined by an authorized user of the device and/or a security authority. In one exemplary embodiment of the present invention, a central server (such as host server 860 depicted in FIG. 8) monitors the location of the mobile device and compares the device's location to a location list previously stored in a database to determine if a security compromise event has occurred based on the location of the mobile device, and if the functionality of the device should be modified as a result. Among other things, this embodiment allows employers, parents, and other “super-users” of mobile devices to define boundaries in which the mobile devices should operate when in the hands of employees or children.

A security compromise event may be determined based on the location of the mobile device. For example, referring now to FIG. 5, determining a security compromise event (120) may include measuring a first environmental parameter at a first time point (510), measuring a second environmental parameter at a second time point (520), comparing the first environmental parameter and second environmental parameter to a predetermined authorized use condition (530), determining that the mobile device has been moved from a first location (540), and transmitting at least one of the first and second measured environmental parameter to a security authority (550).

As used herein, an “environmental parameter” generally includes any parameter pertaining to the mobile device's environment. The mobile device can measure any desired environmental parameter in any desired format, such as an image taken by the mobile device. Digital cameras (including cameras inside other devices, such as mobile phones), and other devices with imaging capability may thus be used to take an image of the mobile device's environment, including physical objects and people around the mobile device. Such images can then be used to identify the location of the mobile device and/or the individual(s) responsible for taking or withholding the mobile device from its authorized user(s).

An environmental parameter may also include information from or about systems and devices in communication with the mobile device. In one embodiment of the present invention, for example, a wireless receiver in communication with the mobile device can be activated and used to sense one or more wireless network addresses from one or more signals received by the mobile device at different points in time. The network addresses sensed at different points in time can be compared to determine whether the sensed network addresses differ, and thus determine if the mobile device has moved.

An environmental parameter may further include geolocation information. The geolocation information may be measured from a global positioning system (GPS) in communication with the mobile device, as well as from any other desired source. In one exemplary embodiment of the present invention, the mobile device may receive a signal comprising geolocation information and decode location signals received at the different points in time. The locations corresponding to the signals measured at different times may be compared to determine whether the location of the mobile device has changed, as well as whether the distance between two sampled locations exceeds a predetermined threshold. Any number of location samples can be similarly measured and compared, either to an initial location or to subsequently-measured locations. The predetermined threshold distance can be configured by a user, a security authority, and/or automatically by the mobile device. This embodiment thus allows the movement of a mobile device to be monitored and a security compromise alert issued if it moves more than a predetermined distance.
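The location-list comparison of FIG. 4 and the distance threshold described above, as an added example that is not code from the patent. Circular zones, the precedence of deny over restrict over allow, and comparison against the initial sample are assumptions; all coordinates are constructed.

```python
"""Location-list check and movement threshold (added example; constructed coordinates)."""
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius used by the haversine formula


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


@dataclass(frozen=True)
class Zone:
    name: str
    lat: float
    lon: float
    radius_m: float
    policy: str  # "allow" (whitelist), "deny" (blacklist) or "restrict"


# Constructed location list, as a security authority or "super-user" might define it.
ZONES = (
    Zone("office", 40.000, -75.000, 500.0, "allow"),
    Zone("lab", 40.002, -75.000, 100.0, "restrict"),
    Zone("loading_dock", 40.010, -75.000, 200.0, "deny"),
)


def classify_location(point, zones):
    """Return "authorized", "restricted" or "unauthorized" for a (lat, lon) point.

    Assumed precedence: a deny zone always wins; if any allow zone is defined,
    being outside all of them is unauthorized; restrict applies last.
    """
    policies = {z.policy for z in zones
                if haversine_m(point, (z.lat, z.lon)) <= z.radius_m}
    has_allow_list = any(z.policy == "allow" for z in zones)
    if "deny" in policies:
        return "unauthorized"
    if has_allow_list and "allow" not in policies:
        return "unauthorized"
    if "restrict" in policies:
        return "restricted"
    return "authorized"


def first_excursion(samples, threshold_m):
    """Index of the first sample farther than threshold_m from the initial
    sample, or None if the device never moved that far."""
    if not samples:
        return None
    origin = samples[0]
    for index, sample in enumerate(samples[1:], start=1):
        if haversine_m(origin, sample) > threshold_m:
            return index
    return None


if __name__ == "__main__":
    print(classify_location((40.002, -75.000), ZONES))            # restricted
    track = [(0.0, 0.0), (0.0, 0.0005), (0.0, 0.002)]             # constructed samples
    print(first_excursion(track, threshold_m=150.0))               # 2
```

In practice the threshold should sit above the receiver's position error so that ordinary GPS jitter on a stationary device does not raise an alert.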

In various embodiments of the invention, security compromise events may be detected when an unauthorized user attempts to tamper with a security provision of the mobile device. For example, conditions leading to a determination of tampering may include determining that an unauthorized user attempted to mask the reported location of the mobile device; attempted to re-route an electronic address in the mobile device; attempted to bypass a password prompt provided by the mobile device; attempted a brute force password attack on the mobile device; attempted to install applications intended to thwart operating system security, and combinations thereof.

A user may specify criteria to define conditions that may indicate a security compromise event has occurred. In this context, detecting, by the mobile device, that a security compromise event has occurred further comprises obtaining from the authorized user a set of criteria indicating unauthorized use of the mobile device; and determining that at least one of the criteria indicating unauthorized use has occurred. The criteria may include a broad range of information such as, for example: a maximum number of calls that may be placed to numbers not included in a pre-stored authorized number list; a maximum number of calls that may be received by numbers not included in the pre-stored authorized number list; and the situation where a call is being placed to a country code not included in the pre-stored authorized number list. The set of criteria indicating unauthorized use of the mobile device may be stored in any suitable location, such as in the mobile device or in a database associated with a security authority.

Altering the Functionality of the Mobile Device

In the exemplary process depicted in FIG. 1, a determination is made as to whether the function of the device should be altered in response to the security compromise event (130), and the functionality of the mobile device altered accordingly (140). The functionality of a mobile device can be altered in any manner and to achieve any purpose, such as to mitigate the harm arising from the compromised status of the device, gather evidence to apprehend and convict a thief, as well as to encourage/incentivize the return of the device to the proper owner. Referring to FIG. 6, altering the functionality of the mobile device (140) may include providing a notification to the current user (610), inhibiting the functionality of the mobile device (620), providing a notification to an authorized user and/or security authority (630), altering the manner in which communications to and from the mobile device are handled (640), protecting data in the mobile device (650), tracking the mobile device (660), gathering and transmitting information on the usage of the mobile device to a security authority (670), and communicating with other devices (680).

The functionality of a mobile device can be altered in any manner in response to a security compromise event, including partially or completely disabling features of the device and/or providing functionality not available prior to the security compromise event. In one embodiment of the present invention for example, the functionality of the mobile device can be altered to present an automated message to the current user of the mobile device (610). The automated message may be in any format and may contain any desired information. For example, the automated message may notify the current user that the mobile device has been lost or stolen, that a reward is offered for the prompt return of the mobile device, and/or provide instructions for returning the mobile device to the authorized user. The automated message may also notify the current user that any button may be depressed on the mobile device to initiate the recovery process, and/or that a phone number need not be entered to contact a party to return the device to its rightful owner. In such an instance, the mobile device may accept a single button press to initiate contact with a security authority or the authorized user to begin the recovery process. The message may be presented in any manner, such as an audio message, a textual message, and/or a video message. In one embodiment of the present invention, for example, an SMS text message is transmitted by a security authority to a mobile device. The text message is decoded and a command sent to an application residing on the mobile device, such as a web browser, a text editor, graphic image displayer, a message screen, or a bitmap displayer and/or any other application capable of displaying a notification. The command may, for example, display a pre-stored message or image, instructing the user in regards to returning the device to the authorized user. The application may reside on a hardware component within the mobile device, such as a SIM card installed in a mobile phone or laptop computer. The message may also be presented at any desired time or in response to any desired event, such as when the current user is attempting to utilize the mobile device (e.g., by placing a call on a mobile telephone). For example, the message may be presented upon startup of the device. In this manner, a user that has found a lost device may obtain information regarding returning the device even where the device has not established a connection to a host server such as one operated by a security authority.

The functionality of the mobile device may be altered to inhibit a user's ability to utilize the mobile device (620). For example, a sequence of DTMF tones (e.g., for a mobile telephone) or an unpleasant sound may be played over a speaker in the mobile device while the current user is attempting to use the mobile device. Additionally, the illumination level of a display on the mobile device may be altered to frustrate the use of the mobile device (e.g., by decreasing the illumination level) and/or to draw attention to the mobile device (e.g., by increasing the illumination level) so that bystanders may notice the device or its unauthorized use. In addition, an aural signal may be played over a loudspeaker of the mobile device, and the aural signal may comprise a variety of information including a pre-recorded message such as a human voice notifying listeners that the mobile device has been lost or stolen; a pre-recorded scream; verbal instructions regarding how to return the mobile device to at least one of the authorized user and the security authority; or an alarm signal.

A predetermined set of features of the mobile device can be inhibited in response to a security compromise event, such as when the mobile device is reported stolen or lost by the authorized user. In one embodiment of the present invention, for example, the functionality of the mobile device is modified based on a list of features to be restricted upon occurrence of the security compromise event. The list of features may be defined in any manner, such as by an authorized user accessing a web interface and selecting features to be disabled if the mobile device is lost or stolen. The list of features may then be transferred to, and stored by, the mobile device. One or more specifically configured lists of features for various security compromise events may be provided to the mobile device, for example one list may indicate that one or more of the features on the list could be disabled if the phone is reported stolen, while a less restrictive list may be provided for when the phone is reported as misplaced. In this manner, multiple feature modification lists for the mobile device may provide for event-appropriate responses based on the type of security compromise that has occurred. In another embodiment, a default security compromise action list is executed by the mobile device if the mobile device detects a security compromise event and no other list of restricted features has been transferred to the mobile device by the authorized user or a verified security authority. For example, but not by way of limitation, a default security compromise action list defines common features of a mobile device that need to be altered when control of the mobile device is lost. Alternately, the list of features may be identified by a user through a software interface on the mobile device itself.

The functionality of the mobile device may be modified from a first set of features to a second set of features based on the occurrence of a security compromise event. The differences between the first feature set and second feature set can be based on any desired criteria, such as the context of use of the mobile device. For example, the feature sets may be based on a level of security desired for the mobile device, an application the mobile device is being used for, the location of the mobile device, or any other contextual factor(s).

The functionality of the mobile device may be inhibited in any other desired manner. For example, a mobile phone may be prevented from placing phone calls, sending emails or text messages, or engaging in other forms of communication. In the case where the mobile device comprises a mobile telephone, the phone numbers that may be called from the mobile device can be restricted to a predetermined list of numbers, or to only one or more predetermined numbers within a contact list on the mobile phone. For example, a mobile device may be restricted to only allow emergency calls to be placed, and/or to place a call to a security authority (for example, a user may press a single key to place a call to the security authority). Additionally, DTMF tones can be played on a loudspeaker of the mobile device while the mobile phone is in use to interfere with the current user using the mobile phone. Similarly, frequent messages (e.g. a text message and/or audio message) can be provided, instructing the current user of a mobile device to contact a security authority to initiate return of the mobile device to the authorized user. The subscriber identity module (SIM) of a mobile phone can also be locked out until the user enters a personal unblocking code. The unblocking code may be known to the authorized user(s) prior to the occurrence of the security compromise event, or can be provided to the authorized user(s) by a security authority. Additionally, an authorized user(s) may unlock the mobile device through a host server such as a server operated by a security authority, or by entering a PIN number or password corresponding with a PIN number or password that was furnished by the user during a registration process and stored in a database for unlock authentication purposes. Any other functions of a mobile device can be disabled (in part or in whole), or interfered with, to diminish the usefulness of the mobile device to an unauthorized user.

The authorized user of the mobile device may also request to lock the device by using a web browser or other remote application to instruct a security authority to relay a command to lock the mobile device; and in this event a message is formatted for transmission to the mobile device, wherein the message comprises a command to be decoded by the mobile device. The command may instruct the mobile device to execute any desired function, including disabling at least one feature of the mobile device.

The functionality of the mobile device can be inhibited by requiring entry of a password before the mobile device may be used by a current user. Where an invalid password is entered, a delay may additionally be introduced before entry of another password may be attempted by the current user. In conjunction with requiring the password, selectable indicia (e.g., a web link and/or button on a display) may be provided that give instructions on how to return the mobile device. The instructions can be provided without the current user needing to enter a valid user id and password. Additionally, the current user may be prompted to enter his or her identification information, which is stored on the mobile device and transferred to a security authority when the mobile device has an opportunity to make a communications connection to the security authority. This may allow a security authority to locate an innocent finder of the device, as well as someone who stole the device. For example, but not by way of limitation, the prompt can include a message that notifies the current user of the device that they have won a substantial prize and need to take an action to redeem the prize offer. In such a case, the current user of a device may be solicited to provide information that could be used to redeem the spurious prize, but in fact is used to locate and/or apprehend the current user. Alternatively, or in combination, the current user of the mobile device may be sent a graphical image with a name or image that encourages the current user to open a message or file, and while looking at the file or image, a command is decoded from the image via steganographic techniques, whereby the command may be executed by the mobile device to mitigate the loss of control of the mobile device.

The mobile device can be significantly disabled or entirely shut down to prevent its use and help prevent an unauthorized user from attempting to circumvent security protections on the mobile device. In some cases, such as when information stored on the mobile device is sensitive, or when there is a very small likelihood of recovering the mobile device (or its data), it may be desirable to command the mobile device to perform a destructive function that renders the mobile device inoperable. The destructive function may include erasing and/or overwriting data and software stored on the mobile device. The destructive function may also include physically damaging the hardware of the mobile device, such as by commanding the mobile device to deliver an electric charge or current to damage an electronic component of the mobile device.

For example, when such a condition occurs, an integrated circuit within the mobile device could be rendered permanently inoperable. Alternatively, a component such as a fusible link which is designed to be electrically destroyed may be purposely blown by software in the mobile device, at which time the mobile device may be rendered inoperable, but repairable by an authorized technician. Further, the mobile device may execute an instruction to cause an internal circuit breaker in the mobile device to trip, thereby rendering the mobile device at least temporarily inoperable, until the circuit breaker is reset by an authorized technician.

The functionality of the mobile device may be altered to send a message to an authorized user of the device, a security authority, or other recipient (630). The message may include any desired information, such as a phone number called by the mobile device, the current operational status of the mobile device, the location of the mobile device, a statement indicating that the mobile device has been removed from a predetermined location and/or is in motion, a date and time stamp indicating when the device was first used after occurrence of the security event, and/or instructions to call a security authority to initiate a recovery process. The mobile device can thus provide information on its use and location to aid a security authority or authorized user in finding the mobile device.

The authorized user(s) of the mobile device may not necessarily be aware that a security compromise event has occurred. In order to alert an authorized user that a security compromise event has occurred, a theft notification record for an authorized user can be stored at a central server as well as on the mobile device itself to allow the authorized user to be contacted and notified. The theft notification record can include any desired information regarding the authorized user, such as the authorized user's contact information and information that can be used to validate the authorized user's identity. A message to the authorized user may be in any format and may include any desired information. For example, a phone call can be placed to a phone number specified in the theft notification record, whereupon audio instructions (from a live operator or pre-recorded) are provided to the authorized user regarding how to contact the current user of the mobile device to recover the mobile device. Likewise, a text message can be sent electronically, or a printed message may be sent by conventional mail, to an address specified in the theft notification record regarding how to contact the current user of the mobile device to recover it. The message may be provided by any system, device, or individual, such as a security authority monitoring the mobile device and/or the mobile device itself.

The functionality of the mobile device may be altered with regard to the handling of communications to and from the mobile device (640). In addition to prohibiting or restricting communications to and from the device as discussed above, communications from the device by an unauthorized user can be intercepted and forwarded to a security authority, an authorized user, or other recipients to aid in identifying the unauthorized user and the location of the mobile device. In this manner, the present invention will route calls that were directed to the authorized user's lost or stolen device to an alternate number designated by the authorized user; the authorized user will then be able to receive calls that would have otherwise been missed. In the case where the mobile device comprises a mobile telephone, telephone numbers dialed by the unauthorized user can be logged and transmitted to the security authority and/or authorized user, and the authorized user and/or security authority can be alerted as the mobile device is engaging in a telephone call. A third party (such as a security authority) may request to access the telephone call, and then establish a conference connection to the telephone call. The third party may actively participate in the conversation or listen to the conversation surreptitiously.

When a current user of the mobile device enters a phone number in the mobile device and places a call, further steps may include intercepting the call and routing the call to an interactive voice response system. In one case, a pre-recorded message may be annunciated to at least the current user of the mobile device that the call is being recorded, followed by recording at least part of a conversation being conducted by the current user of the mobile device. In another embodiment, once the current user of the mobile device has entered a phone number to place a call, the mitigation process may include intercepting the call and routing the call to a predetermined phone number.

Text messages may also be intercepted. In one embodiment, altering the function of the mobile device includes intercepting a text message submitted by a current user of the mobile device; and routing a copy of the text message to at least one of a security authority and the authorized user.

The data stored on a mobile device may be protected (650) in any desired manner, such as by encryption. Any portion of the stored data may be encrypted, such as files or other data elements designated (e.g., by a list, flag on the file, location of the file, or other method) to be encrypted upon the occurrence of a security compromise event. Alternatively, files and data elements may be encrypted as they are created so that they cannot be viewed by an unauthorized user even before a security compromise event has been determined. An authorized user may designate individual files to be encrypted, as well as types of files to encrypt. In addition to, or as an alternative to, encryption, files may be hidden from the file system of the mobile device to prevent their access by an unauthorized user. Authorized users can gain access to such files through, for example, a software application independent of the operating system of the mobile device that verifies the user is authorized to access the files.

Designated files can be encrypted independent of the mobile device's operating system, such as through an independent software application that encrypts/decrypts files and allows a user to access them. The operating system is thus blocked from accessing such files, preventing an unauthorized user from exploiting security flaws in the operating system to view protected files. Operating system calls to open such files can be intercepted and the files opened and decrypted if the current user is authorized to access the files. Similarly, operating system calls to close such files can be intercepted and the files closed and decrypted by the independent software application. Files stored on the mobile device may be encrypted and decrypted in any desired manner, such as with a password known by a security authority and/or the authorized user.

In one embodiment of the present invention, for example, to increase the level of protection for data stored on the mobile device, a password on the mobile device can be modified to utilize a password that is more secure, for example, by using a longer and/or more complex password code, or setting a password where the mobile device was not protected by a password. Normally, these more secure or enhanced-strength passwords are considered less user friendly and are often not used as primary passwords by the authorized users. Therefore, embodiments of the present invention may adaptively modify the strength of passwords on mobile devices depending on the security state and context of a mobile device.

Some or all of the data stored on the mobile device may be erased in response to a security compromise event to protect it from unauthorized access. Any desired files or other data elements can be erased. For example, an authorized user may specify a list of data elements to be deleted upon occurrence of the security compromise event. Additionally, deleted data elements may be overwritten with other data to prevent forensic recovery of the data. Deleted data may be overwritten any desired number of times, and with any desired data (such as random data, alternating data values, predetermined data patterns, and a combination thereof).

Some or all of the data stored on the mobile device may further be archived to allow an authorized user to recover the data, even if the mobile device is not recovered. As with files marked for encryption and/or deletion, an authorized user may specify particular files or other data to be archived in any desired manner. The authorized user may also specify one or more destinations to which the archived data should be transmitted to in the event of a security compromise event, such as a security authority, host server, or an alternate device accessible by the authorized user (e.g., another mobile device of the same type or a central data server). The archived data may be transmitted from the mobile device to a specified destination in conjunction with the encryption or deletion of the data upon a successful transfer. An authorized user may then retrieve the archived data to a replacement mobile device, or may instruct that the archived data be delivered to any other desired destination. For example, the authorized user may specify a destination address (such as an email address or physical mailing address) to which an electronic copy or physical copy (e.g., the archived data stored on a portable storage medium) can be delivered. Any type of data stored on the mobile device may be archived, such as documents, email or telephone contact information, software applications, media files, and/or pictures. Additionally, licensing information pertaining to one or more data elements may be archived.

Data may be archived at any time, including upon occurrence of a security compromise event, according to a predetermined schedule, and/or at a time specified by an authorized user, security authority, or other authorized entity.

Systems and methods of the present invention may store sensitive data in a specified location for special processing upon the occurrence of a security compromise event. The specified location may be a physical location in a memory, as well as a location designated through the file system of the mobile device. For example, an authorized user may store sensitive data elements in a special folder on the file system of the mobile device. When a security compromise event occurs, one or more functions can be executed on the data elements within the folder, such as encrypting one or more of the sensitive data elements with a password known to the authorized user and/or a security authority, deleting one or more of the sensitive data elements, multiply overwriting one or more of the sensitive data elements, and/or transmitting one or more of the sensitive data elements to an address specified by the authorized user. The special designation of files allows, among other things, important data to be quickly protected, archived, and/or destroyed before handling less sensitive data in the event of a security compromise event.
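The multiple-overwrite erasure described above, applied to a designated sensitive folder, can be sketched as follows. This is an added example, not code from the patent; the function names, the pass order and the chunk size are assumptions, and the pass values follow the kinds of data the text names (predetermined patterns, alternating values, random data).

```python
import os
import secrets
import tempfile

# One entry per overwrite pass. None means "random data". The selection and
# order of passes are assumptions made for this example.
PASSES = (b"\x00", b"\xff", b"\xaa\x55", None)
CHUNK = 64 * 1024  # bytes written per call (even, so 2-byte patterns stay aligned)


def overwrite_file(path, passes=PASSES):
    """Overwrite a file in place once per pass; return its size in bytes."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                if pattern is None:
                    block = secrets.token_bytes(n)
                else:
                    block = (pattern * (n // len(pattern) + 1))[:n]
                fh.write(block)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to storage before the next
    return size


def wipe_folder(folder, passes=PASSES):
    """Overwrite and delete everything under `folder`; return the paths removed.

    Symbolic links are deleted but never followed, so a link placed inside the
    folder cannot redirect the overwrite to a file outside it.
    """
    removed = []
    for root, dirs, files in os.walk(folder, topdown=False):
        for name in files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                overwrite_file(path, passes)
            os.remove(path)
            removed.append(os.path.relpath(path, folder))
        for name in dirs:
            path = os.path.join(root, name)
            if os.path.islink(path):
                os.remove(path)
            else:
                os.rmdir(path)
    return sorted(removed)


if __name__ == "__main__":
    # Constructed sample: a throwaway folder standing in for the special folder.
    demo = tempfile.mkdtemp()
    with open(os.path.join(demo, "contacts.db"), "wb") as f:
        f.write(b"constructed sample data")
    print(wipe_folder(demo))  # ['contacts.db']
```

On flash storage with wear leveling, or on copy-on-write file systems, an in-place overwrite may not reach the blocks that held the original data, which is one reason to combine erasure with the encryption option the text also describes.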

The functionality of the mobile device may be altered to aid in tracking the device (660) following the occurrence of a security compromise event. For example, the mobile device may determine a network address (including a wireless network address) assigned to the mobile device, as well as wireless access point identifiers from signals received by the mobile device. The mobile device can store and transmit the address(es) and identifier(s) to a security authority. The security authority may then determine, based on the network addresses and wireless access point identifiers, a location of the mobile device.

Similarly, the mobile device may receive a signal from a GPS or other source providing geolocation information. The geolocation information from the signal can be stored and transmitted to a security authority. A security authority or authorized user receiving location information from the mobile device can present the location on a map overlay to track the current position of the mobile device, as well as the date and time of any changes in the mobile device's position. The map of the mobile device's position can be provided through a web site over the Internet to allow police officers or other security authority members to locate the mobile device.

The functionality of a mobile device may be altered to gather information on how the mobile device is being used by an unauthorized user and provide that information to an authorized user or security authority to aid in locating the device and/or unauthorized user (670). For example, phone numbers and email addresses to which messages are sent after occurrence of the security compromise event may be stored by the mobile device and transmitted to a security authority. Data-capturing equipment onboard a mobile device (such as a digital camera or microphone) can also be used to gather information on the user of the mobile device and the mobile device's present environment. A camera in communication with the mobile device, for example, can be activated to capture a still image or video clip, which can be stored in the mobile device and transmitted to a security authority. Similarly, a microphone may be used to capture audio clips. Data-capturing equipment such as the camera and microphone can be used to take continuous samples of data to help locate the device, inhibit use of the data capture device by the unauthorized user, and/or to wear down the battery of the mobile device to diminish its usefulness to the unauthorized user. Alternately, the data capture device may be disabled to preserve battery life and/or to prevent its use by the unauthorized user.

The microphone or camera may be activated upon any desired condition being satisfied, such as: the mobile device receiving a call from a predetermined phone number; when the mobile device receives a call during which a predetermined pattern of DTMF tones is received by the mobile device; or during a call received by the mobile device, an utterance received by the mobile device matches within a predetermined threshold a security enablement utterance stored within the mobile device. In other embodiments, the microphone or camera is activated upon the mobile device receiving a text message from a predetermined source, or when a received text message contains a predetermined text string such as a code indicating that the device should assume a security lockdown status. Audio or video samples obtained by the microphone and/or video camera may be stored on the mobile device for later retrieval and/or further relayed to the authorized user and/or a security authority.

In order to help capture an image of the face of an unauthorized user, the mobile device may prompt the user to undertake an activity that involves looking at the mobile device, such as prompting the user to enter a password, playing an audio sequence on the mobile device, strobing a light source on the mobile device, announcing that the current user has won a prize and instructing him/her to watch for prize redemption details, and/or displaying a video sequence. While the current user's attention is focused on the mobile device, the camera may be used to capture an image of his/her face for transmittal to a security authority. Similarly, a camera or microphone in communication with the mobile device can be activated in conjunction with initiating a surreptitious communication session with a security authority. Still images, video, and audio data captured by the mobile device can then be transmitted to the security authority. The security authority can use images/video of the unauthorized user to identify him/her (e.g., through comparing the images/video to police booking photos), and can also use the images/video to identify the surroundings of the mobile device. The unauthorized user may also be identified from samples of the unauthorized user's voice (taken from captured audio clips).

As discussed previously, messages sent to and from the mobile device may be intercepted and/or rerouted to a security authority to prevent unauthorized use of the device and to help identify an unauthorized user and/or the location of the mobile device. In addition, the mobile device may be configured to maintain a record of each key depressed on the mobile device, and transmit that log to an authorized user or security authority. The logging of keystrokes in this manner may further aid in identifying the unauthorized user by capturing usernames, passwords, contact entries, and other information entered by the unauthorized user.

In addition to passively receiving data from the mobile device, an authorized user or security authority may actively access or command the mobile device in accordance with the present invention. A security authority or authorized user may transmit commands to the mobile device to execute various functions, as well as to provide software updates, applets, sections of executable code, interpretable scripts, or data elements to be processed by the mobile device. The mobile device may thus be provided with software to perform various tasks upon the occurrence of a security compromise event, as well as at any other desired time.

In one exemplary embodiment of the present invention, a security authority and/or the authorized user may log into a remote access service configured to communicate with the mobile device and activate an application programming interface in the mobile device to forward to the remote access service the current status of the mobile device, the current location of the mobile device, an image taken by a camera in communication with the mobile device, a real-time video captured by a camera in communication with the mobile device, a list of keys pressed on the mobile device, and/or a list of services currently running on the mobile device. Additionally, an authorized user or security authority may issue a command to the mobile device to initiate a chat session and provide an interface on the mobile device for enabling a text-based interaction with the current user.

The functionality of the mobile device may be altered to communicate with other devices to assist in locating and recovering the mobile device (680). For example, referring now to FIG. 7, communication with other devices (680) may include initiating a wireless connection between the mobile device and a wireless transceiver (710), relaying information regarding the current location of the mobile device to a security authority through the wireless transceiver (720), transmitting a message to the wireless transceiver (730), and transmitting a message to a second wireless transceiver (740).

A mobile device can initiate a connection between any device, system, or person through a wireless transceiver, and may connect to the wireless transceiver using any desired communication protocol. The mobile device may connect to any number of wireless transceivers. Once connected to a wireless transceiver, the mobile device may relay any desired information regarding the current location of the mobile device to a security authority, as well as files and data stored on the mobile device. For example, a mobile device that initiates a connection with a wireless access point (WAP) connected to the Internet may send an email to a security authority that includes text and attachments to aid the security authority in locating the device and apprehending an unauthorized possessor of the device. Similarly, a mobile device initiating a connection with a cellular telephone network may dial the security authority and provide information regarding the location of the mobile device through an audio message and/or DTMF tones.

The mobile device can provide any other desired information to (or through) a wireless transceiver it initiates contact with. For example, in one embodiment of the present invention the mobile device can transmit a message to a wireless transceiver indicating that a lost or stolen device is present within a signal range accessible by the wireless transceiver. Similarly, a mobile device may determine the signal strength of its wireless connection with the wireless transceiver, and obtain identifying indicia (such as a device name, IP address, or other identifier) for the wireless transceiver and transmit a message to a different wireless transceiver including the identification and signal strength information. The signal strength and identification information for multiple wireless transceivers can then be used to triangulate the location of the mobile device. Additionally, where the wireless transceiver (or device in communication thereto) is capable of determining its own physical location, the mobile device may request that the wireless transceiver provide its physical location, which in turn can be provided to a security authority.

The mobile device may transmit any other desired information to any number of wireless transceivers. In one embodiment of the present invention, for example, a message to a wireless transceiver may include a request for a response that includes the physical location of a wireless transceiver in communication with the mobile device, a request that a person in communication with the wireless transceiver report that a lost or stolen device is within its communication range, a phone number for the authorized user, a phone number for a security authority, and/or a request to place a call to a security authority.

Exemplary System

An exemplary system for use in conjunction with the present invention is depicted in FIG. 8. This system may be used in conjunction with the methods described in FIGS. 1-7, as well as with any subset or combination of the elements thereof. The system shown in FIG. 8 may also be used in conjunction with any other suitable embodiments of the present invention.

The exemplary system depicted in FIG. 8 comprises a mobile device 800 that includes a processor 810 coupled to a memory 820 which may include volatile memory, nonvolatile memory or a combination thereof. A communications module 830 comprises a wireless transceiver 840 for wirelessly communicating with one or more servers 860 and other entities through antenna 850. The mobile device also includes a user interface 870 coupled to the processor 810. The mobile device 800 may include any suitable power source, such as a battery (not shown). The mobile device 800 may include any other desired components, such as a global positioning system (GPS) to provide geolocation information for locating the mobile device. Some or all of the components of the mobile device 800 may include (or be in communication with) a hardware identification module (not shown) such as a universal subscriber identity module and/or removable user identity module. The hardware identification module may be coupled to the processor 810 and may include an identifier that can be compared to a predetermined identifier to determine whether the hardware of the mobile device 800 has been altered and whether a security compromise event has occurred as a result. The hardware identification module (and predetermined identifier) may include any suitable identifier, such as an electronic serial number, a local area identity identifier, an integrated circuit identifier, an international mobile subscriber identifier, an authentication key identifier, and/or an operator-specific emergency number identifier. The identifier may be stored in the memory 820 and transmitted to the host server 860 for comparison to a predetermined identifier.

The functionality of the mobile device 800, including the methods depicted in FIGS. 1-7 (in whole or in part), may be implemented through the processor 810 executing computer-readable instructions stored in the memory 820 of the mobile device 800. The memory 820 may store any computer-readable instructions and data, including software applications, applets, and embedded operating code. In one exemplary embodiment, a software application performing methods of the present invention includes a terminate and stay resident (TSR) application (or equivalent) configured to remain loaded in memory whenever the mobile device is in operation, which can help prevent the inadvertent or intentional deletion of the TSR. The software application may also be hidden (i.e., not viewable in an application list or task list) and/or protected from being stopped or deleted by a user or other software process. Aspects of embodiments of the present invention provide for tamper-resistant applications to prevent unauthorized users from disabling or otherwise removing the applications from operational status. In one exemplary embodiment, applications may be installed on mobile devices running the Symbian operating system, whereby applications that are running may not be unloaded or disabled.

Additionally, the software application may be configured to operate with minimal underlying hardware functionality. For example, the application may be initiated before the mobile device establishes a network connection. Such a situation may be provided, for instance, when the software application is installed on a SIM card in the mobile device, and the application launches before other software in the mobile device operating system. Alternately or in addition, a data element such as a link or a URL (universal resource locator) may reside on the SIM card, and by launching an application such as a browser with the URL or link, an application referenced by the link or URL may be loaded into the mobile device from a remote server and/or executed directly from the remote server.

Software performing methods of the present invention may be provided with the device or downloaded onto the mobile device by an authorized user. The functionality of the mobile device 800 may also be implemented through various hardware components storing machine-readable instructions, such as application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs) and/or complex programmable logic devices (CPLDs). Systems according to aspects of the present invention may operate in conjunction with any desired combination of software and/or hardware components.

The processor 810 retrieves and executes instructions stored in the memory 820 to control the operation of the mobile device 800. Any number and type of processor, such as an integrated circuit microprocessor, microcontroller, and/or digital signal processor (DSP), can be used in conjunction with the present invention. The memory 820 stores instructions, data, messages transmitted from (or received by) the mobile device 800, and any other suitable information. A memory 820 operating in conjunction with the present invention may include any combination of different memory storage devices, such as hard drives, random access memory (RAM), read only memory (ROM), FLASH memory, or any other type of volatile and/or nonvolatile memory. Data can be stored in the memory 820 in any desired manner. In one embodiment of the present invention, for example, data stored within the memory 820 is partitioned into one or more logically disjoint groups. Each of the data groups is encrypted with a respective unique encryption key to prevent all the data on the mobile device from being accessed if a single encryption key is compromised. This also increases the time it will take a “brute force” attempt to try all possible encryption keys to succeed. The groups of data can be partitioned across a plurality of physical storage media, such as a RAID array.

The communications interface 830 communicates with one or more servers 860 or other suitable entities. Any suitable communications device, component, system, and method may be used in conjunction with the present invention. For example, the wireless transceiver 840 may be configured to communicate using any number and type of cellular protocols, such as General Packet Radio Service (GPRS), Global System for Mobile Communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), Personal Communication Service (PCS), Advanced Mobile Phone System (AMPS), Code Division Multiple Access (CDMA), Wideband CDMA (W-CDMA), Time Division-Synchronous CDMA (TD-SCDMA), Universal Mobile Telecommunications System (UMTS), and/or Time Division Multiple Access (TDMA). A mobile device operating in conjunction with the present invention may alternatively (or additionally) include wireless transceiver(s) (and related components) to communicate using any other method of wireless communication protocol, such as an ISO 14443 protocol, an ISO 18000-6 protocol, a Bluetooth protocol, a Zigbee protocol, a Wibree protocol, an IEEE 802.15 protocol, an IEEE 802.11 protocol, an IEEE 802.16 protocol, an ultra-wideband (UWB) protocol, an IrDA protocol, and combinations thereof. The antenna 850 may be configured to transmit and receive any wireless signal in any format, and may comprise a plurality of different antennas to transmit and receive using different wireless protocols.

The communications module 830 can communicate with the server 860 or another device using any other form of connection, such as a wired Internet connection, a wireless Internet connection, a cellular telephone network connection, a wireless LAN connection, a wireless WAN connection, an optical connection, a USB connection, a mobile device synchronization port connection, a power connection, and/or a security cable. The communications module 830 can be used to communicate with one or more companion devices to monitor the position or status of the mobile device 800 (e.g., by monitoring whether a communication link between the mobile device and companion device is intact), as well as with any number of other devices to help track/locate a lost or stolen mobile device 800.

The mobile device 800 includes a user interface 870. The user interface 870 may include any number of input devices (not shown) to receive commands, data, and other suitable input from a user, as well as any number of output devices (not shown) to provide the user with data, notifications, and other suitable information from the mobile device 800.

Any number of input devices may be included in the user interface 870 such as a touch pad, a touch screen, and/or an alphanumeric keypad to allow a user to enter instructions and data into the mobile device 800. The user interface 870 may be configured to detect pressure exerted by a user on the keys of a keypad, as well as the time interval between key presses in order to determine if the current user is authorized to use the device. The user interface may also include a microphone to allow the user to provide audio data to the mobile device 200, as well as a camera to allow the mobile device to capture still or video images. The mobile device 200 may include speech recognition software to process verbal input through the user interface 870. The user interface 870 may also include any number of suitable output devices, such as a display screen to visually display information (such as video and text), and/or a speaker to provide auditory output. The mobile device 800 may be configured to provide words, phrases, tones, recorded music, or any other type of auditory output to a user through the speaker. As discussed previously, the user interface 870 can be activated to provide information and/or hinder the operation of the mobile device 800 when an unauthorized user attempts to use the mobile device 800. For example, the illumination level of the display may be modulated to draw attention to the mobile device, and unpleasant and/or loud sounds can be played over the speaker.

The mobile device 200 may include one or more biometric devices configured to receive biometric information, such as a fingerprint scanner, an iris scanner, a retinal scanner, and/or a breath analyzer. Input devices such as a microphone or camera may also be utilized to perform biometric analyses, such as a voice analysis or facial recognition.

Information provided or received by the user interface 870 may be in any appropriate format. For example, a user interface that communicates information to a user in an auditory format may first provide a data header followed by a data value to identify the data to the user. The user interface 870 may provide information in any number of desired languages, regardless of whether the information is provided audibly or visually.

The user interface can also provide/receive information to a user in a machine-readable format. In one exemplary embodiment of the present invention, for example, the user interface 870 of a mobile device 800 may send and receive messages using dual-tone multi-frequency (DTMF) tones. The mobile device 800 can be configured to send, receive, and process machine-readable data in any standard format (such as a MS Word document, Adobe PDF file, ASCII text file, JPEG, or other standard format) as well as any proprietary format. Machine-readable data to or from the user interface may also be encrypted to protect the data from unintended recipients and/or improper use. In an alternate embodiment, a user must enter a passcode to enable use of some or all of the functionality of the mobile device 800. Any other user interface feature may be utilized to allow a human or non-human user to interact with one or more devices operating in conjunction with the present invention.

The mobile device 800 may include any other suitable features, components, and/or systems. For example, the mobile device 800 may be configured to preserve the life of its battery by shutting off some or all of its components, such as a camera or microphone. Components can be selectively shut down in response to a security compromise event, as well as in response to a command from an authorized user or security authority. Alternately, the mobile device 800 can be configured to use its components excessively to drain the battery as quickly as possible, to, for example, limit the usefulness of the mobile device 800 to an unauthorized user.

The mobile device 800 may be configured to implement one or more security measures to protect data, restrict access, or provide any other desired security feature. For example, a mobile device 800 may encrypt transmitted data and/or data stored within the device itself. Such security measures may be implemented using hardware, software, or a combination thereof. Any method of data encryption or protection may be utilized in conjunction with the present invention, such as public/private keyed encryption systems, data scrambling methods, hardware and software firewalls, tamper-resistant or tamper-responsive memory storage devices or any other method or technique for protecting data. Similarly, passwords, biometrics, access cards or other hardware, or any other system, device, and/or method may be employed to restrict access to any device operating in conjunction with the present invention.

The host server 860 communicates with mobile devices 200, authorized users, unauthorized users, security authorities, and other entities to monitor and protect the mobile devices 200 from unauthorized use and to mitigate the harm associated with a security compromise event. The host server 860 may comprise any number of separate computer systems, processors, and memory storage devices, as well as human operators (e.g., to answer calls from authorized users reporting the loss/theft of a mobile device) and any other suitable entity. The host server 860 may include, or be in communication with, one or more databases 880 storing information regarding authorized users and mobile devices 200 in order to monitor and track the mobile devices 200 and provide instructions to the mobile devices 200 in the event a security compromise event occurs.

For example, a database 880 may store a usage profile for a mobile device to allow software on the host server 860 to detect whether continued usage of the mobile device deviates from the usage profile by a predetermined threshold. The host server 860 may also receive, process, and store (e.g., in the database 880) information from the mobile device 800. The host server 860 may handle any type of data in any format to achieve any purpose, such as receiving and processing environmental parameters captured by the mobile device to track the position and location of the mobile device 800 as discussed previously. The database 880 may also store location information that can be used to determine whether the mobile device 800 is operating in a valid location (e.g., “whitelisting” and “blacklisting” as discussed previously).

Databases 880 in communication with the host server 860 may also store archived data from mobile devices 800 for recovery in the event the mobile devices 800 are lost or stolen, or the data on the mobile devices 800 is destroyed (e.g., by a virus or other malicious program). The functionality of the host server 860 may be performed automatically or semi-automatically, such as through software/hardware operating on one or more computer systems, and/or by one or more human operators.

The host server 860 may include one or more system processors that retrieve and execute computer-readable instructions stored in a memory to control (at least partially) the operation of the host server 860. Any number and type of conventional computer, computer system, computer network, computer workstation, minicomputer, mainframe computer, or computer processor, such as an integrated circuit microprocessor or microcontroller, can be used in conjunction with the present invention. Computer systems used in accordance with aspects of the present invention may include an operating system (e.g., Windows NT, 95/98/2000/XP/Vista, OS2, UNIX, Linux, Solaris, MacOS, etc.) as well as various conventional support software and drivers typically associated with computers. In certain embodiments, dedicated applications may be entirely or partially served or executed by the system processor to perform methods of the present invention.

The host server 860 may be accessed in any desired manner, such as through a website on the Internet, and/or through a telephone network. The host server 860 may include any number of human operators, computer systems, mobile telephones, mobile computing devices, interactive voice response (IVR) systems, and any other suitable system and device for communicating with a user, security authority, computing device, or other entity. In one exemplary embodiment of the present invention, authorized users wishing to subscribe to a service providing monitoring and protection of their mobile devices can access a web site hosted by the host server 860 to create an account, pay for the service, identify one or more mobile devices to be protected, select options for the service, identify how the functionality of the device should be altered (e.g. features to implement or restrict) in the event the mobile device is lost or stolen, select an alternate caller identification indicia such as text to be delivered in a caller ID data stream, report a security compromise event (such as the loss/theft of the device), and/or download software to operate on their mobile device to aid in monitoring and protecting the mobile device. Alternately, authorized users may interface with an automated IVR system and/or human operator over a telephone network. In the event a mobile device is lost or stolen, authorized users may interface with the host server 860 to report the security compromise event (i.e., the loss/theft of the device), track the status/location of the mobile device, recover data archived from the mobile device and stored by the host server 860, and/or to provide information on a security compromise event (such as reporting that the device has been located by the authorized user). Communications to and from the host server 860 may be protected (e.g., through encryption) as discussed above, or in any other manner.

The host server 860 can communicate with unauthorized users of a lost or stolen mobile device, both through the mobile device or through other communication methods. The host server 860 may notify the unauthorized user that the mobile device is lost or stolen, provide recovery information (such as a shipping address) to the unauthorized user, and facilitate the delivery of a reward to an unauthorized user who returns the mobile device. The host server 860 also communicates with the mobile device 800 to provide software updates, receive data for archival, identify files and other data to be protected, and to perform any other aspect of the present invention.

The host server 860 may be controlled by, or operate in conjunction with, an authorized user, telecommunications service provider, mobile device monitoring/tracking service provider, security authority, and/or any other desired entity. For example, authorized users and security authorities may communicate with or through the host server 860 to monitor a mobile device 800 and to recover the mobile device 800 if it is lost or stolen. The host server 860 may be configured to provide notifications on how to return a lost/stolen mobile device 800, detect a security compromise event, and determine whether a mobile device's functionality should be altered and (if so) determine the manner in which the functionality of the mobile device 800 should be altered, as depicted in FIGS. 1-7 and discussed previously. The host server 860 may operate in conjunction with any other desired systems, devices, human operators, or other entities.

Operation

FIGS. 9-64 depict various aspects of the operation of exemplary embodiments according to the present invention. FIGS. 9-16 depict exemplary notification measures that can be provided on a mobile computing device such as a laptop computer in accordance with the present invention. As shown in the illustrated embodiments, a notification icon or graphic is provided in proximity to input fields where users normally log in to access the mobile computing device. The notification icon or graphic is accompanied by text providing information regarding returning of the device. The various notification messages allow a finder of the mobile device to see that the device is protected by an application operating in conjunction with the present invention as well as to provide information to allow the user to return the device. For example, referring now to FIG. 13, screen 1300 provides a link to a website that an innocent finder can click on to return the device. Similarly, referring now to FIG. 14, screen 1400 provides entry fields for a finder of the device to enter his or her name, phone number, and email address, and submit this information to a security authority. Screens 1500 and 1600 in FIGS. 15 and 16 respectively, provide a toll-free phone number and information regarding how to return the mobile device.

FIGS. 17-25 depict exemplary notification messages that may be displayed on a cellular phone, a PDA, or handheld mobile device. The notification messages alert the finder of the mobile device that the device is protected by an application operating in conjunction with the present invention as well as to provide information to allow the user to return the device. For example, referring now to FIGS. 18 and 22, the notification message may include buttons the user may select to return the mobile device. FIGS. 19, 20, and 21 depict notification messages that may be displayed when a user of a found mobile device places a call, such as to a security authority. Referring to FIG. 23, the notification message may include an identification number associated with the mobile device as well as any other desired information.

A user of a mobile device protected in accordance with the present invention may interface with a host server such as one administered by a security authority through a website. FIGS. 26-37 depict exemplary screens and processes associated with a host server as exemplified by embodiments of the present invention. A user may be given an opportunity to sign up for a service to protect one or more mobile computing devices in accordance with the present invention (FIGS. 26-34). After a user has created an account, he/she may download a software application to the mobile device to be protected, as depicted in flow diagram 2900 in FIG. 29. The user is thus provided with information regarding installation and use of the security application (FIG. 30). Referring to FIG. 31, after the user has downloaded and installed the product and has restarted the mobile device (if necessary), once a network connection is available the application will launch a browser to a web page using a unique identifier such as an identifier tag previously obtained from the host server. As shown in FIGS. 32-33, a summary of the registration information is also presented to the user through the browser screen, and the screen may present a list of multiple devices protected by the service.

A user may be given an opportunity to sign up for a service to protect one or more mobile devices in accordance with the present invention. FIG. 34 illustrates an exemplary process for creating an account and registering a mobile device in accordance with the present invention. A user creates an account (FIG. 35), selects a mobile device (FIG. 36), and completes the registration (FIG. 37).

FIGS. 38-55 pertain to the installation and registration of a software application downloaded onto the mobile device. The user initiates an installation program (FIG. 38), agrees to a license agreement (FIG. 39), selects a destination in the file system of the mobile device for the software application (FIG. 40), and confirms installation of the software application (FIG. 41). The installation verifies that the software application installs properly, and if not, reinitiates the installation program (FIGS. 42-47). The user registers the software application with the host server (FIGS. 48-57). A finder of a mobile device protected in accordance with the mobile device may be directed to a web page hosted by the host server, which allows the finder to report that the mobile device has been found (FIG. 58). If desired, an authorized user may uninstall the application from the mobile device (FIGS. 59-64).

FIGS. 65A-65C and FIG. 66 are flow diagrams depicting exemplary processes of the present invention. FIGS. 65A-65C depict flow diagrams of methods 7000, 7008 and 7018 for, among other things, dynamically assessing and mitigating risk of an insured entity, while FIG. 66 depicts a flow diagram of a method 7024 for, among other things, providing a user of a device with information relevant to a position of the device.

Those skilled in the art understand that any of the aforementioned methods 7000, 7008, 7018 and 7024, as well as any subset or combination of the elements thereof, may be utilized with any of the systems and methods described herein. For example, those skilled in the art will appreciate that any of the aforementioned methods 7000, 7008, 7018 and 7024, as well as any subset or combination of the elements thereof, may be employed with the system depicted in FIG. 8, as well as any similar system.

Referring to FIG. 65A, a flow diagram depicts a method 7000 for, among other things, dynamically assessing and mitigating risk of an insured entity. Method 7000 may include a process 7002 for receiving an insurance claim, a process 7004 for accessing information to evaluate the insurance claim and a process 7006 for evaluating the insurance claim.

In process 7002, an entity may receive an insurance claim. The entity may be either tasked with evaluating the merits of the insurance claim by itself or cooperating with multiple entities to evaluate the merits of the insurance claim. Such an entity may comprise any entity that may receive the insurance claim for evaluation of the merits thereof. For example, such an entity may comprise a service provider for a mobile device, an entity charged with providing insurance service for the service provider, a law enforcement agency or the like. The insurance claim may be received through any available means. For example, the insurance claim may be reported online, over the phone, by mail or any other suitable means now or hereafter available. Additionally, the insurance claim may be for theft, alleged theft, loss, perceived loss or any other claim related to a mobile device.

In process 7004, the entity may access information to evaluate the merits of the insurance claim. In an exemplary embodiment, this may be done by accessing information stored in a database and the information stored in the database may be updated as it becomes available. This information may comprise tracking and loss information about the mobile device. As used herein, “tracking and loss information” means any information that may be employed with any test or technique, now or hereafter available, for investigating a crime, an alleged crime, a loss, a perceived loss or any other claim involving a mobile device.

As such, the tracking and loss information may comprise any one or more types of information that may be made available from a variety of sources. For example, the tracking and loss information may comprise: (1) one or more locations of the mobile device, whether the locations are taken from the past, current time or projecting into the future; (2) any data that may be stored on the mobile device such as a list of made calls, a list of received calls, a list of missed calls, a list of frequently called numbers (each of the foregoing lists may further include detailed information normally associated with such lists, such as time of call, caller, etc.), a list for text messages (which may include any information normally associated with a text message, such as the sender, the recipient(s), the time, as well as the content of the message), a list for e-mail messages (which may include any information normally associated with an e-mail message, such as the sender and the recipient(s), the time, as well as the content of the message), a list for Internet access (which may include any information normally associated with web browsing, such as a list of visited web pages, search queries, etc.), any data content that may be stored on the mobile device, such as pictures, videos, music, etc. and any other data that may be stored on the mobile device; or (3) any data that may be provided from the mobile device such as a spoken report, a voicemail message, a still image and video, etc.

In process 7006, the merits of the insurance claim may be evaluated based on any of the information that may be accessed in process 7004. For example, an evaluation may be made as to whether the mobile device is within a defined distance of a defined location, such as a home or a place of business or another location that may be associated with an authorized user of the mobile device. In other words, if actual location data associated with the mobile device is not where the authorized user is expected to be, one can infer and perhaps conclude that at least this particular factor may weigh against finding that the insurance claim is valid.

Similarly, the information made available in process 7004 may be utilized to determine whether the mobile device has been used to submit the insurance claim. This information may be useful in evaluating the merits of the claim. For example, if a report has been received that a mobile device is lost and the information made available in process 7004 indicates that the report is being made on the allegedly-lost mobile device, one can infer and perhaps conclude that at least this particular factor may weigh against finding that the insurance claim is valid. Additionally, if the report has been received that a mobile device is lost and the information made available in process 7004 indicates that the report is being made from a phone or other means of reporting (such as an e-mail address) that is not associated with the authorized user, one can similarly infer and perhaps conclude that this particular factor may weigh against finding that the insurance claim is valid.

The information made available in process 7004 may also be utilized to determine whether the mobile device has been used to call one or more numbers associated with a frequently called list associated with the authorized user of the mobile device. This information may also be useful in evaluating the merits of the claim. For instance, if a report has been received that the mobile device has been lost or stolen, while the information made available in process 7004 indicates that the mobile number associated with the allegedly-lost mobile device has made calls to or received calls from numbers on a frequently called list associated with the authorized user, one can infer and similarly conclude that this particular factor may weigh against finding that the insurance claim is valid.

Data from a mobile device that is allegedly stolen or lost may also be made available in process 7004 for evaluation of the claim. For example, a user may be prompted by any desired means to position the mobile device in such a manner that it may take the user's photograph. The user may either be prompted to take the photograph or the photograph may be taken in response to a remote command. Similarly, a video may be taken of the user of the mobile device or the user's surroundings at any desired time. Additionally, a spoken report may be obtained over the mobile device or a voicemail may be received from the mobile device. Any of the foregoing may be used to determine whether the user of the mobile device matches the authorized user associated with the mobile device. Of course, failure to obtain a match between the authorized user and the current user of the mobile device weighs against finding that the insurance claim is valid.

It is important to note that the foregoing descriptions of both the tracking and loss information and the use thereof to evaluate the merits of an insurance claim are merely exemplary. In a more general sense, it bears repeating that (1) any information that may be employed with any test or technique, now or hereafter available, for investigating a crime, an alleged crime, a loss, a perceived loss or any other claim involving a mobile device may be utilized and (2) this information may be evaluated in any manner which reasonably bears on an evaluation of the merits of the insurance claim.
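The factors that process 7006 weighs against a claim can be collected by a single function, shown here as an added sketch that is not code from the patent. The record layouts, the 1 km default distance, the restriction to calls made after the reported loss time, and every number, address and coordinate are constructed assumptions.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import Optional


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def norm(channel):
    """Normalise a reporting channel: lower-case e-mail, digits-only phone."""
    channel = channel.strip()
    return channel.lower() if "@" in channel else "".join(c for c in channel if c.isdigit())


@dataclass
class AuthorizedUser:            # hypothetical record layout
    device_number: str
    channels: set                # other phones / e-mail addresses on file
    defined_locations: list      # (lat, lon): home, place of business, ...
    frequent_numbers: set


@dataclass
class TrackingInfo:              # "tracking and loss information" (process 7004)
    last_fix: Optional[tuple] = None            # (lat, lon), None if unknown
    calls: list = field(default_factory=list)   # (epoch_s, other_party_number)
    operator_matches: Optional[bool] = None     # photo/voice comparison, if made


def evaluate_claim(user, reported_via, loss_time, info, max_km=1.0):
    """Return the factors that, per process 7006, weigh against the claim."""
    against = []
    via = norm(reported_via)

    # Device is not within the defined distance of any defined location.
    if info.last_fix is not None and user.defined_locations:
        nearest = min(haversine_km(info.last_fix, loc) for loc in user.defined_locations)
        if nearest > max_km:
            against.append("device_away_from_defined_locations")

    # Claim filed from the allegedly lost device, or from an unknown channel.
    if via == norm(user.device_number):
        against.append("reported_from_claimed_lost_device")
    elif via not in {norm(c) for c in user.channels}:
        against.append("reporter_not_associated_with_user")

    # Calls to or from frequently called numbers after the reported loss.
    frequent = {norm(n) for n in user.frequent_numbers}
    if any(t >= loss_time and norm(n) in frequent for t, n in info.calls):
        against.append("contact_with_frequent_numbers_after_loss")

    # A photo, video or voice sample did not match the authorized user.
    if info.operator_matches is False:
        against.append("operator_does_not_match_authorized_user")
    return against


# Constructed sample data (fictional numbers, addresses and coordinates).
USER = AuthorizedUser(
    device_number="+1 555 0100",
    channels={"+1 555 0101", "owner@example.com"},
    defined_locations=[(40.7128, -74.0060), (40.7580, -73.9855)],
    frequent_numbers={"+1 555 0150", "+1 555 0151"},
)
LOSS = 1_700_000_000


def demo():
    plausible = evaluate_claim(
        USER, "Owner@Example.com", LOSS,
        TrackingInfo(last_fix=(40.7130, -74.0062), calls=[(LOSS - 3600, "+1 555 0150")]))
    suspicious = evaluate_claim(
        USER, "+1-555-0100", LOSS,
        TrackingInfo(last_fix=(34.0522, -118.2437),
                     calls=[(LOSS + 600, "1 555 0151")], operator_matches=False))
    return plausible, suspicious


if __name__ == "__main__":
    for label, factors in zip(("plausible", "suspicious"), demo()):
        print(label, factors)
```

The function returns named factors rather than a score, since the text treats each one only as something that "may weigh against" validity and leaves the final evaluation open.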

Referring to FIG. 65B, a flow diagram depicts a method 7008 for, among other things, dynamically assessing and mitigating risk of an insured entity. Method 7008 may include a process 7010 for analyzing one or more locations of a mobile device, a process 7012 for determining a risk level associated with the one or more locations, a process 7014 for generating an insurance risk profile (IRP) associated with the one or more locations and a process 7016 for making a desired determination based on at least the foregoing information.

In process 7010, an entity may analyze one or more locations of a mobile device. Those skilled in the art understand that the location information for the mobile device may be obtained in any desired manner, now or hereafter available, for subsequent evaluation. The entity may be either tasked with analyzing the one or more locations of the mobile device by itself or cooperating with multiple entities to analyze the one or more locations of the mobile device. Such an entity may comprise any entity that may analyze the one or more locations of the mobile device. For example, such an entity may comprise a service provider for a mobile device, an entity charged with providing insurance service for the service provider, a law enforcement agency and/or the like.

In process 7012, one or more locations of the mobile device associated with a user have been analyzed for a determination to be made as to the risk level to be affiliated with the mobile device. Any desired factor that may in any way weigh on a determination of risk level assessment may be employed. It also bears mentioning that the risk may be that to the user of the mobile device, the mobile device itself or both the user and the mobile device.

As noted, any desired factor that may in any way weigh on a determination of risk level assessment may be employed; however, the following exemplary factors may be employed: (1) determining whether one or more locations for the mobile device are within a defined distance of locations known to be affiliated with the authorized user, such as a home, a place of business or other location frequently visited by the authorized user; (2) determining whether one or more locations for the mobile device are within a non-covered area (i.e., an area that is not authorized for coverage by an insurer due to the perceived high risk in the non-covered area; there may be some places that are perceived by the insurer to be of such high risk from whatever source that the area is not to be entered by the insured); (3) determining whether one or more locations for the mobile device are within a region that is covered (from an insurance perspective) but is still a region perceived to increase risk to the user, the mobile device or both.

Concerning the first exemplary factor above of determining whether one or more locations for the mobile device are within a defined distance of locations known to be affiliated with the authorized user, one can infer and reasonably conclude that there may be an elevated risk when the user is traveling somewhere new (i.e., an area that is not frequented by the user). Concerning the second exemplary factor above, an insurer may establish a non-coverage area in any one of a number of different circumstances, depending on the needs of the insurer. For example, one may define a non-coverage area for certain countries, such as a country believed to harbor terrorists or others that increase risk. Increased risk need not be affiliated with a country, as increased risk could be based on a particular region, such as an area with a reported risk for crime. Concerning the third exemplary factor above, an insurer may provide coverage for a particular area while understanding that there is some elevated risk in the area. Perceived risk may be affected by any desired factor, such as crime statistics, time of day, the weather, the cost of living for a particular region, the average income for a particular region, natural disasters and any other desired factor.

In process 7014, the previously-determined risk level may be used to generate an insurance risk profile for the user. Essentially, the insurance risk profile may be based on any information about the user, as well as one or more locations that the user visits and the determined risk level for the one or more locations. As such, the insurance risk profile may be dynamic, as it may be updated based on one or more locations visited by the user and the associated risk levels therefore. An advantage of this approach is that it enables an insurer to assess the risk taken on any individual policy in a dynamic manner. FIG. 65C depicts process 7020 assessing whether to modify the insurance risk profile in process 7022 for modifying the insurance risk profile. Essentially, if there is relevant information to modify an insurance risk profile, it may be desirable, though not necessary, to do so.

In process 7016, any one of a number of different determinations may be made based on at least the insurance risk profile. For example, an insurer may determine an insurance policy premium for the user based on the insurance risk profile. As previously noted, because the insurance risk profile may be dynamically varied, so too may the insurance policy premium for the user. Ultimately, this will lead to optimal, competitive pricing for the cost of the insurance service.

Process 7016 may also be employed to make a determination that a reported claim for loss of a mobile device occurred in a non-covered area based on one or more locations of the mobile device. As such, the insurer may, in such circumstances, rightfully decline coverage of the claim. Similarly, process 7016 may be employed to make a determination of whether an operator of a mobile device is authorized to submit an insurance claim. This determination may be based on any one of a number of factors, including without limitation, a collection of information regarding the operator of the mobile device submitting the insurance claim. For example, such information may include any of the tracking and loss information discussed above with respect to FIG. 65A that provides information regarding the operator of the mobile device.

Process 7016 may additionally be employed to make a determination of whether one or more locations of the mobile device are among a predetermined number of locations in a profile of locations most often visited by the mobile device. Failure to find overlap between the assessed one or more locations of the mobile device and the profile of locations most often visited by the mobile device may tend to suggest the existence of a fraudulent claim.
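Processes 7012 through 7016 can be read as a classifier over location fixes plus a profile that is updated as fixes arrive; the following is an added sketch of that reading, not code from the patent. The grid size, the rectangular regions, the ordering of risk levels, the five-fix window and all coordinates are constructed assumptions.

```python
import math
from collections import Counter
from dataclasses import dataclass, field
from enum import IntEnum

CELL_DEG = 0.01  # assumed grid size: about 1.1 km of latitude per cell


class Risk(IntEnum):   # the ordering of levels is an assumption of this example
    FAMILIAR = 0       # in or next to a most-visited cell
    UNFAMILIAR = 1     # factor (1): away from locations affiliated with the user
    ELEVATED = 2       # factor (3): covered, but perceived to increase risk
    NON_COVERED = 3    # factor (2): area the insurer does not cover


@dataclass(frozen=True)
class Box:
    """Lat/lon rectangle standing in for an insurer-defined region."""
    name: str
    south: float
    west: float
    north: float
    east: float

    def contains(self, lat, lon):
        return self.south <= lat <= self.north and self.west <= lon <= self.east


def cell(lat, lon):
    """Quantise a fix to an integer grid cell so visits can be counted."""
    return (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))


@dataclass
class InsuranceRiskProfile:
    non_covered: list = field(default_factory=list)
    elevated: list = field(default_factory=list)
    top_n: int = 3                                   # "predetermined number"
    visits: Counter = field(default_factory=Counter)
    history: list = field(default_factory=list)      # Risk per observed fix

    def near_most_visited(self, lat, lon):
        """True if the fix is in, or adjacent to, one of the top_n cells."""
        cy, cx = cell(lat, lon)
        near = {(cy + dy, cx + dx) for dy in (-1, 0, 1) for dx in (-1, 0, 1)}
        top = {c for c, _ in self.visits.most_common(self.top_n)}
        return bool(near & top)

    def classify(self, lat, lon):
        """Process 7012: risk level for one location."""
        if any(b.contains(lat, lon) for b in self.non_covered):
            return Risk.NON_COVERED
        if any(b.contains(lat, lon) for b in self.elevated):
            return Risk.ELEVATED
        return Risk.FAMILIAR if self.near_most_visited(lat, lon) else Risk.UNFAMILIAR

    def observe(self, lat, lon):
        """Processes 7014/7022: classify the fix, then fold it into the profile."""
        level = self.classify(lat, lon)
        self.visits[cell(lat, lon)] += 1
        self.history.append(level)
        return level

    def current_level(self, window=5):
        """Highest level among the most recent fixes."""
        return max(self.history[-window:], default=Risk.FAMILIAR)

    def assess_claim_locations(self, fixes):
        """Process 7016 checks on the locations attached to a reported loss."""
        return {
            "in_non_covered_area": any(
                self.classify(lat, lon) is Risk.NON_COVERED for lat, lon in fixes),
            "overlaps_most_visited": any(
                self.near_most_visited(lat, lon) for lat, lon in fixes),
        }


def demo_profile():
    """Profile built from constructed fixes: home x5, work x3, gym x2, one-off x1."""
    profile = InsuranceRiskProfile(
        non_covered=[Box("constructed-zone-A", 10.0, 10.0, 11.0, 11.0)],
        elevated=[Box("constructed-zone-B", 40.80, -73.96, 40.82, -73.94)],
    )
    fixes = ([(40.7128, -74.0060)] * 5 + [(40.7580, -73.9855)] * 3
             + [(40.7306, -73.9866)] * 2 + [(40.6782, -73.9442)])
    for lat, lon in fixes:
        profile.observe(lat, lon)
    return profile


if __name__ == "__main__":
    p = demo_profile()
    print(p.classify(40.81, -73.95).name, p.assess_claim_locations([(10.5, 10.5)]))
```

A new profile has no most-visited cells, so its first fixes classify as `UNFAMILIAR` until visit counts accumulate; a deployment would seed the profile or ignore that warm-up period.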

Based on determinations made under process 7016, it may be desirable to provide a location report for the mobile device to a third party. For example, if a determination is made that the mobile phone has been lost or stolen, it may well make sense to provide a location report for the mobile device to a third party to attempt to retrieve the mobile device.

Similarly, based on determinations made under process 7016, it may be desirable to transmit a message to the mobile device indicating the existence of a risk or some hazard associated with the location of the mobile device. Additionally, the message may prompt the user to provide a response, to confirm that the user is safe in spite of the reported hazard. If no response was sent from the user or a response was sent indicating that help was required, appropriate help could be assembled and sent to the user, whether it be to the last known location or a projected location based on a determined track for the user.

Referring to FIG. 66, a flow diagram depicts a method 7024 for, among other things, providing a user of a mobile device with information relevant to a position of the mobile device.

In process 7020, an entity may determine one or more locations of a mobile device. Those skilled in the art understand that the location information for the mobile device may be obtained in any desired manner, now or hereafter available, for subsequent evaluation. Alternatively, the entity may simply analyze one or more locations of a mobile device, the locations for which may be determined by the same or another entity. The determining entity may be either tasked with determining the one or more locations of the mobile device by itself or cooperating with multiple entities to determine and/or analyze the one or more locations of the mobile device. Such an entity may comprise any entity that may determine the one or more locations of the mobile device. For example, such an entity may comprise any entity wishing to warn a user of a potential hazard or any entity wishing to advise a user of potential opportunities.

In process 7028, one or more locations of a mobile device associated with a user may be (1) analyzed for a determination to be made as to the risk level to be affiliated with the mobile device, (2) analyzed for a determination to be made as to the level of opportunity to be affiliated with the mobile device or (3) both of the foregoing. The analysis for determining the risk level to be affiliated with the mobile device may be performed in a manner similar to that described above with respect to process 7012. The analysis for determining the level of opportunity to be affiliated with the mobile device may similarly be determined. In either case, whether evaluating whether there is a risk or an opportunity for a given user, process 7028 may access not only the location information for the mobile device and stored information describing risks and/or opportunities for given locations, but also a profile for the user.

The information describing a risk may comprise any information that may present a risk to the user. Such risks may be defined by any desired factor, such as crime statistics, time of day, the weather, the cost of living for a particular region, the average income for a particular region, natural disasters or any other desired factor. In other words, process 7028 may access stored data which may define risks for given geographic areas and determine whether one or more past, current or future locations of the mobile device (and its user) are of a level for which a risk report should be made to the user by process 2030. Similarly, process 7028 may access stored data which may define opportunities for given geographic areas and determine whether past, current or future locations of the mobile device (and its user) are of a level for which an opportunity report should be made to the user by process 2030. In both cases, whether assessing to report risk or opportunity, process 7028 may access a user profile to help make the assessment of whether to make the subject report. For example, in the context of risk reporting, a user profile may identify the user to be of a race or ethnicity that is not generally welcome in a particular defined area, in which case a report to the user of a past, present or future danger may be merited. Similarly, in the context of opportunity reporting, a user profile may indicate that the user likes certain foods or types of entertainment that may be located in an area in which the user is located, coming from or heading to, in which case a suitable report to the user of the opportunity may be merited.
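The assessment described for process 7028 can be sketched as follows. This Python code is an added illustration and is not part of the original disclosure; the record layouts, the 0-to-1 scoring scale, the night-time adjustment and all sample values are assumptions made for the example.

```python
import math
from collections import namedtuple

# Hypothetical record shapes (no schema is given in the text); levels are 0..1.
Area = namedtuple("Area", "name center radius_km kind score night_bonus tags", defaults=(0.0, frozenset()))
Profile = namedtuple("Profile", "risk_threshold opportunity_threshold interests")

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess(locations, areas, profile):
    """Return sorted (kind, area, level) reports for past/current/planned fixes."""
    reports = {}
    for lat, lon, hour in locations:
        for area in areas:
            if haversine_km((lat, lon), area.center) > area.radius_km:
                continue  # fix is outside this stored area
            level = area.score
            if area.kind == "risk":
                if hour >= 22 or hour < 5:  # assumed time-of-day factor
                    level += area.night_bonus
                threshold = profile.risk_threshold
            elif area.tags & profile.interests:
                threshold = profile.opportunity_threshold
            else:
                continue  # opportunity does not match the user's profile
            if level >= threshold:
                key = (area.kind, area.name)
                reports[key] = max(reports.get(key, 0.0), round(level, 2))
    return sorted((kind, name, lvl) for (kind, name), lvl in reports.items())

# Constructed sample data (coordinates, scores and names are made up).
AREAS = [
    Area("Harbor district", (40.7000, -74.0100), 1.0, "risk", 0.5, 0.3),
    Area("Food market", (40.7300, -73.9900), 0.5, "opportunity", 0.8, 0.0, frozenset({"street food"})),
    Area("Concert hall", (40.7305, -73.9910), 0.5, "opportunity", 0.9, 0.0, frozenset({"opera"})),
]
PROFILE = Profile(0.7, 0.6, frozenset({"street food"}))
TRACK = [  # (lat, lon, local hour)
    (40.7005, -74.0100, 14),  # past fix: harbor by day, below threshold
    (40.7302, -73.9903, 19),  # current fix: beside market and concert hall
    (40.7003, -74.0102, 23),  # planned fix: harbor at night
]

if __name__ == "__main__":
    print(assess(TRACK, AREAS, PROFILE))
```

The same stored area yields no report for the daytime fix and a risk report for the planned night-time fix, and the concert hall is suppressed because the profile lists no matching interest.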

The particular implementations shown and described above are illustrative of the invention and its best mode and are not intended to otherwise limit the scope of the present invention in any way. Indeed, for the sake of brevity, conventional data storage, data transmission, and other functional aspects of the systems may not be described in detail. Methods illustrated in the various figures may include more, fewer, or other steps. Additionally, steps may be performed in any suitable order without departing from the scope of the invention. Furthermore, the connecting lines shown in the various figures are intended to represent exemplary functional relationships and/or physical couplings between the various elements. Many alternative or additional functional relationships or physical connections may be present in a practical system.

Changes and modifications may be made to the disclosed embodiments without departing from the scope of the present invention. These and other changes or modifications are intended to be included within the scope of the present invention, as expressed in the following claims.

What is claimed is:
 1. A method, comprising: receiving an insurance claim regarding a mobile device; and evaluating the merits of the claim based on information obtained from a provided database, the database configured to store and permit access to tracking and loss information about the mobile device.
 2. The method of claim 1 wherein the merits of the claim are evaluated at least by determining from the information one or more of: whether the mobile device is within a predetermined distance of a home or a business place of an authorized user of the mobile device; whether the mobile device is being used to submit the claim; and whether the mobile device has been used to call one or more numbers associated with a frequently called list associated with the authorized user of the mobile device.
 3. The method of claim 1 wherein the information comprises one or more of a current location associated with the mobile device, a past location associated with the mobile device, a plurality of locations associated with the mobile device wherein the plurality of locations define a track for the mobile device.
 4. The method of claim 1 wherein the information comprises one or more of a still image taken from the mobile device, a video stream taken from the mobile device, a last phone number dialed from the mobile device, a phone number corresponding to a last call received by the mobile device, a plurality of phone numbers stored in the mobile device over a predetermined period of time, a voice message provided from the mobile device and a spoken report provided from the mobile device.
 5. The method of claim 1 wherein upon a triggering event the information may be retrieved from the mobile device for storage in the provided database.